The title kinda explains it all but since I need to explain more, is it better to do the player’s knockback on the client? Does it effect anything serious, since exploiters can just alter their characters regardless, or is it just better to do the knockback on the server and have it heavily delayed?
I would probably do the initial knockback on the client, then do a check on the server to see if the knockback calculations were correct. I’d not make it too harsh, maybe only if it’s a few magnitudes off but that is probably your best bet.
Alright, I’m going to test this out and I’ll reply to you when I’m back.
Do it on the server. Exploiters can hook the client.
Exploiters can do it regardless, that’s not the biggest problem, a anti-cheat could fix that, the biggest problem is good knockback.
2 Likes
Still do it on the server. Don’t trust the client with the knockback. Or do it in a fireclient event.
I would definitely recommend checking the client on the server to make sure things are fine and doing the main knockback on the client…
That’s what I was gonna do, that is what the first person said.
That’s literally what the first person said.
Exploiters can still spoof a FireClient function.
Do it on the client. You are sacrificing UX for actual players worrying about exploiters, when you could be doing proper sanity checks and evaluations on the server.
The fireclient is only used to receive knockback, it will then check on the server where the player is suppose to be and if they’re in a certain range then they’re good.
I don’t think you quite understand the method @CryoPlaysAlot proposed, whether the exploiter spoofs the RemoteEvent or not, the server will still be doing an evaluation to check if the player did actually get knocked back. You cannot avoid exploiters, all you can do as a developer is minimize possible exploits by writing secure systems.
One thing I forgot to mention is to always make sure that your remote events are SECURED. Failure to do this could cause serious vulnerabilities in your game as the exploiter can spoof it…
I know this much, I just wanted to know which was better.