Excellent defense: “You sent me the packets revealing where all the other players were. If you didn’t want me to know they were behind walls why did you tell me precisely where they were?”
Yeah, doing such checks on the server side of things is more computationally intensive but it would solve that problem entirely and you wouldn’t need client-side anti-cheat bullshit anymore.
The first rule of network programming is never trust the client. How does anti-cheat software work? By trusting the client.
It is impossible to do these types of checks on serverside. Your PC needs to know where to render the enemy character ahead of time, otherwise they’ll pop into existence after you are dead. Bonus points for packet loss. Programming games isn’t the same as validating input from some rando trying to log in on a site, it’s an unsolved problem that all games have an issue with - from FPS like CS, RTS like Starcraft 2, to mobas like League.
Why impossible? Server-authoritative programming is common in PVP gaming, even high-performance recent games. I don’t think anyone is suggesting lazily loading chunks of player data like wandering into a new chunk in Minecraft. Just write efficient, clean code that anonymizes or encrypts player data so it can’t be read client-side.
Excellent defense: “You sent me the packets revealing where all the other players were. If you didn’t want me to know they were behind walls why did you tell me precisely where they were?”
Yeah, doing such checks on the server side of things is more computationally intensive but it would solve that problem entirely and you wouldn’t need client-side anti-cheat bullshit anymore.
The first rule of network programming is never trust the client. How does anti-cheat software work? By trusting the client.
It is impossible to do these types of checks on serverside. Your PC needs to know where to render the enemy character ahead of time, otherwise they’ll pop into existence after you are dead. Bonus points for packet loss. Programming games isn’t the same as validating input from some rando trying to log in on a site, it’s an unsolved problem that all games have an issue with - from FPS like CS, RTS like Starcraft 2, to mobas like League.
Immortal gates of pyre does it, and it’s just sc2 but better.
Why impossible? Server-authoritative programming is common in PVP gaming, even high-performance recent games. I don’t think anyone is suggesting lazily loading chunks of player data like wandering into a new chunk in Minecraft. Just write efficient, clean code that anonymizes or encrypts player data so it can’t be read client-side.
Okay, now the player data is encrypted and unreadable by clients.
How will the client display where the players are without data…
Why are you bothering to spend cycles sending this useless, encrypted data…
If you mean to decrypt the player data once it reaches the client, then you have solved no issues…
“Oh no, we don’t need to worry about any sanity checks in the database, that’s all taken care of in the javascript frontend”
I didn’t come up with that, but it’s the same logic. Actually expressing something like it in a professional setting could get you fired.
Not in the games industry, though.
Because there is a reason nobody does that serverside. Programming games and programming a service are two different beasts.