I want to make a gun system that does raycasting on the client, then sends the info to the server to validate the hit. But I’m confused on how you would do this system, like how you would handle firerate, reloading, etc. My current system handles the firerate, reloading and everything else on the server, and only uses the client for input, so im not sure how this would work?
I would do almost everything on the client side and only use server when you have to. For example raycasting on the client is a great idea as well as bringing the firerate and reloading into the client (and depending on the number of guns having values in a module). Personally I would only use the server side for the animation of the bullet and the damage (local side wouldn’t count the damage).
1 Like
they can only exploit it if the server is relying on the client for a piece of information that it is not validating when it recieves it.
So basically, I can handle important gun values from a module like reload speed, fire rate on the client and it wont be susceptible to exploits?
You can do that so long as when you pass that information to the server it has a way of verifying that it is what the client says it is. You can have the client handle anything, the issue is when the client tells the server something. because it can lie.
The server knows no better unless you teach it to work around the lies or avoid letting the client lie to the server at all.
Also here I would recommend keeping all visual effects on the client side and only using the server for key information regarding the functionality of the game. The server does not have to care about animating the bullet, it just has to know where its going, when it gets there, and when it does, who it hit, to apply the damage. The client can do all the animation and VFX which takes massive, massive load off of the server which can absolutely boost your games performance. I used to think it didnt matter, then I started making a game, it mattered very quickly 
So basically, yes the exploiters can change those values but, it wont matter if they can’t even fire a bullet or reload their gun if the server checks and invalidates their actions, right?
ps: I’m also confused on how you could prevent fire-rate exploits
Yeah they can do literally whatever they want on the client side. They can literally tell your game that a part doesnt exist and itll just go “ok” and they can walk right through it. Thats no clipping in a really basic context.
Some people will tell you the fix is to glue a part to their humanoid that registers the collisions. They can just delete that part. Dont worry about it that much, they will find a way around anything, only fix stuff that is gonna break ur game.
Now if you have those values on the client, and you use them on the client, they can do WHATEVER they want to it. They could make their gun look like its firing a billion shots per second. But thats the key part, they can only make it look liek that is happening for themselves so long as you detach their information from the server.
They can make themselves fire a billion bullets a second, but the server, and everyone else, would interpret it as completely normal gameplay so long as you avoided letting the exploiters client, or anyones client, tell the server how fast their gun should be able to fire.
If you dont let the client tell the server how the gun works then the server is safe. Or if the server knows how the gun works and can refuse the client from trying to tell it otherwise.
To prevent fire rate exploits: dont let the client tell the server how often your gun should be able to fire. Let the server already know that, or have a builtin cooldown.
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.