So I need a bit of help on how I should properly handle gun functionality for best performance to security. I have read up on a lot of other posts asking for similar advice but the answers were very broad and never really provided a concrete method. I have implemented a lot of what they were saying but I can’t help but feel like I’m still missing something.
Obviously the main concern here is how to avoid exploiters without sacrificing too much performance while also making it fair for the shooter and the receiver. My current method is as follows:
- Client handles click detection and general visuals/audio
- Client calculates a Raycast to ensure you’re hitting a player target
- Client provides the server a few pieces of information:
-Initial bullet position
-Instance provided by the Raycast
-Position provided by the Raycast
- Server double checks to ensure provided instance is indeed a character
- Server does these checks to make sure the shot was legit:
-Makes sure the gun is equipped
-Makes sure the gun has enough bullets
-Checks to see if the provided initial bullet position is roughly within 5 studs of the guns barrel
-Checks to see if the provided Instance is roughly within 5 studs of the Raycast’s target position (*)
-Checks to see if the guns firing rate isn’t on cooldown
- If all above conditions are met then deal damage and return that information back to the client
(*) The part I’m mainly concerned about is the provided instance and position values were provided by the client, meaning that this information can easily be altered via exploits allowing them to hit targets from anywhere (at least to my knowledge). The current solution I can think of is to just do another Raycast check on the server, but a lot of the posts I read up on believe that Raycasts on the server are slow and might undermine the user experience of the gun.
If anyone has a better/quicker method of making these checks or if there are some checks that I’m missing please let me know, or maybe my current method is completely wrong and if so, please enlighten me!
The current method is for a single fire pistol but I do plan on making automatic weapons in the future, so any information on how to handle rapid fire guns would also be really appreciated. Unless, of course, the methods for single fire and rapid fire are the same which would make this much easier!
TL;DR: What is the best method for security without sacrificing too much performance/user experience when making guns? My main concern is I might be forced to do a second Raycast check on the server but people believe server Raycasts are slow and might hurt performance, any advice on how to best balance this?