I'm making an item system for my game and I plan to work on an item-collecting system, something like collecting items off the ground. My problem is: what type of sanity checks do I need to do to make sure that exploiters can’t just fire the event that controls the item-collecting system? The event only sends the item id, but is context the only/better way to make sure this is safe?
For example, checking if player X is in area Y, if he has the level to be in area Y (this may not always make sense), checking if that item can be collected through that method, checking if he has the tool/tools to collect that item, things like that.
In my head all of this only/mostly makes sense when working Client - Server. If I’m handling the item collection on the Server, sure, no problem, but if I want, for example, to have an item only appear to someone, then I need to work through the Client, no?
Generally yes. On the server, make sure that they’re close enough to pick it up, a high enough level, etc. It depends on what you’re trying to sanity check and how important it is to be secure.
Some events can actually be client based, like Touched. Clients can spoof touched events for their character, so it’s good to still do checks for those, even if it’s on the server. (This only applies to assemblies with client network ownership like characters and sometimes nearby unanchored objects.)
Because of the thing mentioned above, there isn’t that much difference in security. In general verifying that the action seems roughly possible on the server is good enough, since character action based things (such as picking up an item) can pretty much always be spoofed.
If you really don’t want the items on the client, you can have the items on the server, but just make them invisible and non-collide on certain clients (so the visuals are client sided but the items aren’t).
As for the title, nothing is really exploit proof. If you have the right checks in place, players can only pick up items around them that are valid based on their character’s stats, but they can still have exploit code that automatically picks up the weapons when within the sanity check range, or exploit code that makes their character fly around (assuming you don’t add sanity checks for character movement).
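The server-side checks discussed in this thread, sketched as an added example that is not part of the original posts. The RemoteEvent name `CollectItem`, the `worldItems` table and its fields, the `Level` attribute and the distance limit are all assumptions made for illustration.

```lua
-- Server Script (e.g. in ServerScriptService). Added example; names are hypothetical.
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local collectEvent = ReplicatedStorage:WaitForChild("CollectItem") -- assumed RemoteEvent
local MAX_PICKUP_DISTANCE = 12 -- studs; constructed value with some slack for latency

-- Server-owned registry: itemId -> state. The client only ever sends the id.
local worldItems = {
	["item_001"] = { -- constructed sample entry
		position = Vector3.new(10, 3, -25),
		minLevel = 5,
		requiredTool = "Pickaxe",
		pickupMethod = "ground",
		visibleTo = nil, -- nil = everyone; otherwise the UserId allowed to see it
		collected = false,
	},
}

local function canCollect(player, itemId)
	-- Never trust the argument's type; exploiters can send anything.
	if typeof(itemId) ~= "string" then return false end
	local item = worldItems[itemId]
	if not item or item.collected then return false end
	if item.pickupMethod ~= "ground" then return false end
	if item.visibleTo and item.visibleTo ~= player.UserId then return false end

	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	if not root or not humanoid or humanoid.Health <= 0 then return false end

	-- "Roughly possible" checks: distance, level, equipped tool.
	if (root.Position - item.position).Magnitude > MAX_PICKUP_DISTANCE then return false end
	-- Assumes server scripts set a "Level" attribute on the Player.
	if (player:GetAttribute("Level") or 0) < item.minLevel then return false end
	if item.requiredTool then
		local tool = character:FindFirstChildOfClass("Tool")
		if not tool or tool.Name ~= item.requiredTool then return false end
	end
	return true, item
end

collectEvent.OnServerEvent:Connect(function(player, itemId)
	local ok, item = canCollect(player, itemId)
	if not ok then return end
	item.collected = true -- mark first so a repeated fire cannot collect twice
	-- grant the item to the player's server-side inventory here
end)
```

The `visibleTo` field covers the per-player item case: the item lives in server state, and only its visuals differ per client.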