Good ideas to combat exploiting

In my wizard game there is a dragon that shoots fireballs at you. In order to avoid getting hit (and dying), you need to dodge the fireballs getting shot at you.

Now, if I want to check whether or not they are in the correct position (so as not to kill them, and award them with a point) I need to know where the fireball is shooting at and where the player is.

However, because of latency, I cannot correctly know where the fireball is nor where the player is.
Solution: make the client register where it stands (easy) and where the fireball currently is. And yes, the fireball is made client side. So, I can check on the client and then fire the server and say: “Hey, I was in the correct position – now give me my points!”.
The thing, though, is that this is easily exploitable. The client can just fire the server and say: “I was not hit!”, “I was not hit!”. And they can get “infinite” points – in other words: cheat.
But I cannot do a whole bunch of sanity checks on the server. Why? Because of latency the player might be in a different position. And I cannot know if the player was in the correct position when the fireball came.

Before I ask for any tips and tricks on how to solve this, I have some key info that might be helpful:
The sequence of where the fireball is going to shoot is decided on the server. So, the server knows in what order the fireballs will be shot, in other words, where the fireball is going to hit.
If any genius here knows how to combat it and/or make it safer against exploiters, I will be through the roof.
Thank you so much for reading - and looking forward to an answer. Thank you!

3 Likes

I believe, on the server side (the fireball)

since this will mark a Region, in that (Fireball radius) region do this:

[Detect which players are in the region]

( The server saw that someone was inside the area when it landed then )

::Award points to everyone that was outside of the Circle or Radius (Fireball)

[The client doesn’t need to send their position every single time the dragon shoots a fireball]

Just create logic on the server that does what I said above and you will be fine.

2 Likes

I would just do the detection server-side tbh. The client is never trustworthy. The most you could do securely is have an obfuscated script that sends encoded event strings, but that’s not 100% safe.

Why do you need to know where the player is? You can use Raycasting instead to handle hit detection and damage.

Server side checks like this are difficult when a player has high ping, but client checks are not a replacement for server checks.

You could potentially measure a player’s ping and give them that much extra time for their character to be out of the way, but be careful because a player’s ping can spike and dip. In addition, players can also boost their ping (add latency) with external software by delaying sending back a response. But that does not necessarily mean it takes longer to receive the information. This would give the player a huge reaction time advantage.

Ultimately, you should give the player a little extra time to react in your server side checks to account for ping in general. Maybe 0.1-0.3 seconds extra.

1 Like
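The server-side check the replies above describe, as an added example that is not code from anyone in this thread: the server keeps its own short history of each character's position, takes the fireball target from its own sequence, and allows a grace window after impact before deciding. It is plain Lua so it runs outside Roblox; the names (`recordPosition`, `resolveFireball`), the radius, the 0.2 s grace value and the movement traces are all assumptions constructed for illustration.

```lua
-- Server-side dodge check with a latency grace window (added example).
-- All names and numbers here are hypothetical, not from the thread's game.
local GRACE = 0.2           -- extra seconds, inside the 0.1-0.3 s range suggested above
local FIREBALL_RADIUS = 6   -- studs (constructed value)
local HISTORY_SECONDS = 2   -- how much server-observed movement to keep per player
local history = {}          -- history[player] = { {t=, x=, z=}, ... }, oldest first

-- Call on a server heartbeat with the position the SERVER sees for the character.
local function recordPosition(player, t, x, z)
  local samples = history[player] or {}
  history[player] = samples
  samples[#samples + 1] = { t = t, x = x, z = z }
  while samples[1].t < t - HISTORY_SECONDS do
    table.remove(samples, 1)
  end
end

local function isOutside(s, target)
  local dx, dz = s.x - target.x, s.z - target.z
  return dx * dx + dz * dz > FIREBALL_RADIUS * FIREBALL_RADIUS
end

-- Run on the server once impactTime + GRACE has passed. The target comes from the
-- server's own fireball sequence; no client message is consulted.
local function resolveFireball(player, target, impactTime)
  local sawSample = false
  for _, s in ipairs(history[player] or {}) do
    if s.t >= impactTime and s.t <= impactTime + GRACE then
      sawSample = true
      if isOutside(s, target) then return "dodged" end
    end
  end
  -- No samples in the window: award nothing rather than trust a client claim.
  return sawSample and "hit" or "no_data"
end

-- Constructed movement traces: { t, x, z } as seen by the server.
local traces = {
  laggy_dodger = { {9.9, 2, 0}, {10.0, 4, 0}, {10.1, 7, 0} },   -- leaves 0.1 s late
  stood_still  = { {9.9, 1, 1}, {10.0, 1, 1}, {10.1, 1, 1} },
  too_late     = { {10.0, 0, 0}, {10.15, 3, 0}, {10.5, 9, 0} }, -- leaves after grace
}
for name, trace in pairs(traces) do
  for _, p in ipairs(trace) do recordPosition(name, p[1], p[2], p[3]) end
  print(name, resolveFireball(name, { x = 0, z = 0 }, 10.0))
end
print("silent_client", resolveFireball("silent_client", { x = 0, z = 0 }, 10.0))
```

In a Roblox server script the player keys would be Player objects and the samples would come from the character position the server replicates, so there is no "I was not hit" remote for a client to spam.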

The issue is just that I need to do the checks on the client.

Because of latency, the server might think someone is inside an area, even though the player might’ve just moved.

Say it takes 1 second for the client to fire the server. In that second, the player might have moved - but the server doesn’t notice the new position until 1 second later. And might kill a player, even though he is not in the area anymore.

Server and Client are very different when checking some things, like:

if your latency tilts, even for a second, and when leaving the [Fireball] radius,
you think:

I’m safe [WRONG]

the server noticed that you were 0.00000001 studs inside the area and because of that he
will consider that you were inside the area

[The player will think: fasdfeg my internet is trolling]

most of the time, if the game is well-scripted, players will not blame the server for killing
them, and yes: because of their latency

I don’t think there’s a secure way to do this other than the server. The client would allow you to dodge it smoothly, while on the server it’s easier because of the delay between each position check.

To fix the problem you’re having, what you could have is a goal position for where the fireball is going to be. Once the fireball is near the goal on the client, simply just check on the server to see if the player is near the goal; if they aren’t, they didn’t dodge.