Is there a way to retrieve the player’s ping from the server? Right now I’m using a module that times the round-trip response time of a RemoteFunction’s :InvokeClient() call from the server, although I speculate that this may be exploitable with the client responding ahead of time in order to feign smaller pings. Retrieving the player’s ping is important because projectiles are moved ahead of time depending on the player’s ping as a form of lag compensation.
If you pass a random number and require the client to respond with the same random number then they won’t be able to respond ahead of time because they won’t know what the random number is yet.
I forgot random numbers are good for security. Didn’t think of that, thanks.
Still, I was hoping that there was an obscure method which I can use, but this should ease my concerns.
For even better security, pass the client a GUID
Looks like overkill, and I doubt exploiters would go as far as breaking Random in order to break into my game.
Thanks though.
Try to avoid InvokeClient as much as possible. An exploiter (or even a player with bad internet) may choose to simply not respond, getting the server stuck in an infinite yield.
That’s what using multiple threads is for.
There’s no known (published, at least) way to predict future outputs of Random given past outputs.
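An added example, not code from any poster in this thread: one way to combine the suggestions above (an unpredictable token, no InvokeClient, a timeout for clients that never answer) in a server Script. The RemoteEvent name PingCheck, the TIMEOUT and INTERVAL values, and the echoing LocalScript shown in the first comment are assumptions.

```lua
-- Server Script (added example). Assumes a RemoteEvent named "PingCheck" in
-- ReplicatedStorage (hypothetical name) and a LocalScript that echoes the token:
--   PingCheck.OnClientEvent:Connect(function(t) PingCheck:FireServer(t) end)
local Players = game:GetService("Players")
local HttpService = game:GetService("HttpService")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local pingEvent = ReplicatedStorage:WaitForChild("PingCheck")
local TIMEOUT = 5  -- seconds before an unanswered challenge is dropped (assumed)
local INTERVAL = 2 -- seconds between challenges (assumed)

local pending = {} -- [Player] = { token = string, sentAt = number }
local ping = {}    -- [Player] = last measured round trip, in seconds

local function challenge(player)
	-- Fresh token per challenge: the client cannot answer before receiving it.
	local token = HttpService:GenerateGUID(false)
	pending[player] = { token = token, sentAt = os.clock() }
	pingEvent:FireClient(player, token) -- fire-and-forget, never yields the server
	task.delay(TIMEOUT, function()
		local entry = pending[player]
		if entry and entry.token == token then
			pending[player] = nil -- no reply in time: drop it, keep the old sample
		end
	end)
end

pingEvent.OnServerEvent:Connect(function(player, token)
	local entry = pending[player]
	-- Ignore replies with no outstanding challenge, a wrong type, or a wrong token.
	if not entry or type(token) ~= "string" or token ~= entry.token then
		return
	end
	pending[player] = nil -- single use: a replayed token is ignored
	ping[player] = os.clock() - entry.sentAt
end)

Players.PlayerRemoving:Connect(function(player)
	pending[player] = nil
	ping[player] = nil
end)

while true do
	for _, player in ipairs(Players:GetPlayers()) do
		if not pending[player] then
			challenge(player)
		end
	end
	task.wait(INTERVAL)
end
```

The token only rules out early replies; a client can still delay its echo to report a higher ping, so clamp the measured value before feeding it into lag compensation.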
For my game I’m working on, I’ve created a security wrapper both on the client and server which generate a pseudo random key which is attached to every remote event I register to that wrapper.
This means the server always knows what’s next within the sequence and expects the client to be in sync with the server. If an exploiter fires a remote event without the correct key - or none at all - they’ll lose sync with the server and therefore, will be kicked from the game.
It isn’t a foolproof solution as if you are magically able to know exactly how many events have been fired, you’re able to then know the next key which is expected. At least it’ll stop 90% of exploiters who just download other people’s code and run it without thinking twice.
To create a pseudo random key, you’ll need one prime number and one non prime number. I’d recommend these numbers be fairly big.
Anyways, in addition to above, I also have a watchdog timer for the client. Basically, the client has to respond within a certain time frame or I’ll be kicked. This prevents the client from disabling the security local scripts as well as unintentionally kicking users who are lagging.
Hopefully this gives you some idea for your project.
Edit: Yes, this is slightly off topic, but was just trying to add additional information to the whole above Random strategy and general preventing users from exploiting your remotes you’re using.
Woah this is interesting, do you mind sharing some code so we could also implement it into our games for security?