How to Secure Client-Side Raycasting?

Help and Feedback Scripting Support
#1

So, here’s the deal.

I’m making a simple gun and it works like this:

  • The player clicks and a ray is cast.

  • If the ray hit an object, fire to the server.

  • Server determines whether the hit object is a descendant of a player’s character.

  • Damage is dealt.

There’s a problem with this because in this case I’m trusting the client to tell me what the ray hit which could allow exploiters to trick the server into incorrectly damaging a player.

I have no idea what type of server check I could implement to prevent this from happening.

I know I can cast the ray on the server, but it’s not as accurate.

Thanks.

#2

You can always use Sanity checks server side to nullify “ray-spammage” Things such as capping the amount of rays that can be shot in a given time frame can help better secure your game

#3

Do a serverside debounce matched with the rate of fire of the gun. You can always do a raycast on the server for line of sight to validate a possible hit.

2 Likes
Multiple raycasting being a lot more expensive than usual, what is going on?
#4

Thanks for the suggestion, will do.

#5

I don’t know why I didn’t think of this earlier, it’s so obvious. Thanks for the help!

1 Like
#6

Its easy to overthink and overlook, goodluck!

1 Like