I’ve been developing an FPS game for quite some time. I’ve so far accomplished many optimizations and the game has gained most of its functionality. Although, I believe security is still lacking.
Weapons in this game rely mostly on the client, this includes casting bullets. I consider this quite vulnerable at the moment since an exploiter can easily fake rays, and the server would still believe it.
I thought of a procedure to, perhaps, make it less vulnerable by verifying that ray on the server:
Client casts ray, hits another player, fires a remote.
Server receives it, casts another ray between the player and its target to see if any surroundings block the shot.
NOTE: The ray that is cast on the server does not check if it had hit the player or not, it will only check on other objects such as walls and props.
So we may come to the main question: Would any part of this method potentially strain the server when done many times at once?
Of course, I don’t mean a ridiculous amount, although I would say it would be at max 50 rays per second.
Honestly, I don’t see a difference in doing this on server only because you are casting a ray on the server after all. However, many rays being cast on the server probably won’t stress the server, as I’ve tested myself (1mil rays per frame).
I don’t think having that very small delay would be an issue. However, it could cause problems like moving hitboxes seeming like they were hit on the client, but this may not be the case on the server, which seems unfair.
Since your server knows the differential equation of the projectile, all the client needs to do is send over a signal that the hit occurred. Since the server could then solve for time elapsed since the projectile was created, it would narrow down the ability to fake rays and exploit without needing to do complex ray checking.
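
The server-side check described in the original post, as an added example that is not part of the thread: an engine-agnostic Python sketch in which the client names only a target and the server tests its own stored positions against static geometry. `HitValidator`, the range limit, the per-player cap and the sample world are assumptions made for illustration.

```python
import math
import time
from collections import defaultdict, deque

MAX_RANGE = 300.0       # assumed weapon range in world units
MAX_SHOTS_PER_SEC = 50  # assumed per-player cap, borrowing the thread's 50 rays/s figure

def segment_hits_box(a, b, box_min, box_max):
    """Slab test: True if the segment a->b passes through the axis-aligned box."""
    t_enter, t_exit = 0.0, 1.0
    for i in range(3):
        d = b[i] - a[i]
        if abs(d) < 1e-9:                      # segment parallel to this slab
            if not box_min[i] <= a[i] <= box_max[i]:
                return False
            continue
        t1, t2 = sorted(((box_min[i] - a[i]) / d, (box_max[i] - a[i]) / d))
        t_enter, t_exit = max(t_enter, t1), min(t_exit, t2)
        if t_enter > t_exit:
            return False
    return True

class HitValidator:
    def __init__(self, walls):
        self.walls = walls                # static geometry only (walls, props), not players
        self.recent = defaultdict(deque)  # shooter id -> timestamps of recent claims

    def validate(self, shooter_id, target_id, positions, now=None):
        """positions is the server's own view {player_id: (x, y, z)};
        the client supplies only target_id, never coordinates."""
        now = time.monotonic() if now is None else now
        stamps = self.recent[shooter_id]
        while stamps and now - stamps[0] >= 1.0:
            stamps.popleft()              # keep a sliding one-second window
        if len(stamps) >= MAX_SHOTS_PER_SEC:
            return "rate_limited"
        stamps.append(now)                # rejected claims still count toward the cap
        if shooter_id == target_id or shooter_id not in positions or target_id not in positions:
            return "bad_target"
        a, b = positions[shooter_id], positions[target_id]
        if math.dist(a, b) > MAX_RANGE:
            return "out_of_range"
        if any(segment_hits_box(a, b, lo, hi) for lo, hi in self.walls):
            return "blocked"
        return "ok"

# Constructed sample world: one wall standing between players "a" and "b".
WALLS = [((4, -5, -5), (6, 5, 5))]
POSITIONS = {"a": (0, 0, 0), "b": (10, 0, 0), "c": (0, 10, 0), "d": (1000, 0, 0)}
```

Because the check reads positions the server already holds, a forged remote can at most claim a hit on someone the shooter really has a clear line to, within range, at a bounded rate.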