Distribution

[thetree]

I don't really get this. If most of the work is done server side, that puts less strain on the player's computer. And that's what matters, isn't it? The ones hosting servers can worry about having a powerful enough computer.

What I'd worry about in that case is connection speeds. Depending on what kind of game you are trying to make, this might not be an issue (for example, a classic RPG).

As-in, not a dedicated server. You would host a server much like you would host a listen server for a source game or most games on XBox. The host would also be playing the game, their computer acting as the server. If the clients do more of the prediction and the server just verifies those predictions it reduces the workload for whoever is hosting.

Most people wouldn't cheat, I agree, but it seems silly to develop something where its easy to cheat. I'll have to think of some snazzy way of doing things.

[Robin]

The thing with fighting cheaters, like with all computer security I'm following the course Digital Security, it's awesome: security is a trade-off. If you want to be more secure (and you can never be perfectly secure), you will have to pay something else: memory, time, user-friendliness, other types of security, ...

You'll have to decide what and how much is fighting cheaters worth to you.

[thetree]

The thing with fighting cheaters, like with all computer security I'm following the course Digital Security, it's awesome: security is a trade-off. If you want to be more secure (and you can never be perfectly secure), you will have to pay something else: memory, time, user-friendliness, other types of security, ...

You'll have to decide what and how much is fighting cheaters worth to you.

The downsides of adding anti-cheat are so minute it isn't really a consideration in my opinion. I know you'll never be fully secure (dll injection, packet editors and such but thats not what I'm worried about) but having a game with multi-player functionality without some sort of anti cheat is just plain stupid. Firstly, who wants to play a game thats impossible because someone else is cheating? Secondly, it would make things like scoreboards pointless if you could either: a) edit the scoreboard code to give you infinite points or b) edit your player data in order to beat every level or whatever with ease.

Having no means of securing something is such a huge floor for LOVE. One of two ways I can currently see to secure things is to use a remote server for hosting games or validating which I don't want to do. The other is Client-Server prediction which is probably the only viable method for client hosting, something like if the player moves further than it should be possible in a tick then they're cheating. But this isn't flawless as is shown by the Minecraft AC.

I still want to pursue the hashing route, but I can't see any way of getting round the fact that you could use the same hashing algorithm in a separate file to gain the hash.

Gah, LOVE is so awesome but this is such a large problem :/

[slime]

Several ways to help deter cheating and modifying the game client have already been listed. As the techniques get more complicated (and thus go out of the scope of LÖVE), the returns start diminishing significantly, especially because the type of people who would get past the more basic methods are also the type of people who might get past more advanced techniques.

In the end, LÖVE is not meant to hold your hand when you want to secure your client or your client-server communication. That's up to you, not the framework. LÖVE does provide enough of a base for you to do so.

[thetree]

I realise LOVE isn't there to 'hold my hand', I'm asking for ideas to at least deter cheating.

To confirm then:

1) LuaC 32 bit binaries work on any other 32 bit system, including windows/linux/mac.
2) LuaC 64 bit binaries work on any other 64 bit system, including windows/linux/mac.
3) Hashing is easily by passed in Lua.
4) Server prediction could be used to detect cheating.
5) Worry about the client, not the server.

Yeah?

Thanks for all the help everyone.

[kikito]

... so that is an incredibly stupid idea.

the idea of ... is just plain stupid

Gentlemen. Please.

Yeah?

I would add a point to your list. Never forget that the ultimate objective is making a game, not a secure multiplayer server.

A multiplayer game with no security at all is much better than a secure multiplayer server with no game at all.

Security is one of those potentially incredibly complex programming things; they consume as much effort as you are willing to let them. If I were you, I'd schedule a fixed amount of time (1 day, 1 week, anything) to security, and not more.

[Robin]

Exactly. To add to the point of that you'll want to make a game, not a secure server: you seem to have implicitly accepted that a game where cheating occurs is not fun. However, it can still be loads of fun. There are even games where the whole point of the game is cheating. (I don't recall a computer game with such a mindset, but I think the card game "Muchkins" has something like this "cheating is allowed, as long as you don't get caught" or something.)

Also: gentlemen

[thetree]

I totally agree that the game is more important than the security, however before I commit myself to spending time on making said game I want to make sure its possible to do what I want to do.

There are even games where the whole point of the game is cheating. (I don't recall a computer game with such a mindset, but I think the card game "Muchkins" has something like this "cheating is allowed, as long as you don't get caught" or something.)

I agree, keeping on a card game basis, the card game 'cheat' is based entirely around cheating. However I doubt you would get the same satisfaction playing some sort of multi-player shoot-em-up when someone has just blown you head off 100x in a row.

[Affi]

I can confirm that network security is an absolute nightmare, we've dedicated months of time to it so far on the server-side in terms of Affinity Play.

[T-Bone]

People are going to play with people who don't cheat if they don't want to play against cheaters, as long as you let the players chose their opponents. As long as you don't do a Nintendo, it's fine.