Jump to content
  • Advertisement
Sign in to follow this  
HopeDagger

Clientside maps or send-on-request?

This topic is 5140 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

As I work on my project more and more, I realize that cheaters/hackers will eventually make an attempt on my game, and I want to be prepared. :) My game's maps are a fairly simple tile-based format, and I'm not sure what the best way to go about supplying clients with map data is. If I store the maps clientside, people will more than likely hack into the maps and be able to change data around, giving them advantages like walking through walls, etc. The only solution I see is sending the maps on-request to the clients from the server. However, this is going to be costing some major extra bandwidth to be constantly supplying map data to players. Even at only 1 byte per tile, sending a mere 50x50 block is 2.5kb. Then stack on more for objects/entities that it needs to receive as well. Any suggestions on a good way to approach this problem?

Share this post


Link to post
Share on other sites
Advertisement
Quote:
Original post by mike25025
the clients should request to walk


Uhm, could you be more specific? How does walking tie in with my question?

Share this post


Link to post
Share on other sites
because then the server can confirm that where they want to walk is a valid position. this way even if they hack the local maps, the server won't allow them to walk through walls.

however, i think this may or may not work depending on how movement is done in the game so far. give more info. do you use keyboard or mouse movement? are you constantly sending position updates, or have some sort of prediction going on, or both? is movement tile based or per pixel? can you move diagonals?

i also have been pondering this same question, too, so i'd like to gain something from this discussion as well.

Share this post


Link to post
Share on other sites
the reason his answer didn't really fit your question is that you didn't provide enough data to answer the question correctly. could you describe what you game is? is it some kind of MMO? is it just a 2D single player game?

the reason he said what he said is the following. in a MMO type of game you always want the maps client-side b/c otherwise it's a waste of bandwidth. you prevent people from walking through walls/ etc by having the server check their moves. client presses walk forward -> data goes to server -> server verifies that walking forward is ok -> server updates client position if position is ok -> server tells client its ok to move forward -> client moves forward. now that's a really naive implementation for a great number of reasons, but it's the general base idea. you can do things to make it look better on the client side, but this is how data needs to flow. the server always maintains the actual position and allows/disallows movement, checks that the movement speed is correct, etc. that way even if someone does hack you maps they can't do anything about it b/c the server won't let them cross the walls. if they hack the client so that it doesn't listen to the server then it doesn't matter anyway, since they won't actually be where the client says they are. thus they won't encounter any monsters, won't get any loot, won't see other players, won't be seen by other players (except where the server thinks they are), etc. they'd also then be open to getting killed b/c if a monster spawned where they were (according to the server) the player wouldn't see it b/c the client would draw it in the correct spot on the map (which is not where the player is on the client system). thus the server would mark them dead b/c they don't see the monster, don't fight it, etc. so generally hacking the client just lets you see maps, you don't get any benefit of scouting for enemies, etc.

it doesn't matter at all if people hack and see the maps anyway. if you have any kind of user base one of the first things that gets posted to the internet is maps. so even if people don't hack your data to see the maps they'll have access to that data anyway from people who have played through various areas and posted the info on the web.

-me

Share this post


Link to post
Share on other sites
Also, you should only send information about the world from the server that the client needs to know about. Just make sure to have a buffer so there are no situations that appear where the client isn't able to view data that it should be able view, because it walked away from the designated area too quickly. However, making this buffer of data sent to client as small as possible will mean that any hacking that is attempted on the client will only be able to show the actual data sent to it, ie. what is contained in the buffer. This prevents unlimited view distance hacking etc. to a certain degree, though it should be fairly obvious as well it is more economic for bandwith to not send the state of the entire world

Share this post


Link to post
Share on other sites
Ah, I'm seeing it now. The server needs to be the ultimate authority in the server<->client relationship, so all non-trivial actions/events need to be confirmed by the server ahead of time. Gotchya. I've got a lot of careful programming ahead of me. :)

Thanks for the help!

Share this post


Link to post
Share on other sites
i have a question to throw into the pot.

is there someway to verify that a map file has not been tampered with? i can't really see anyway to do this, besides from the obvious thing which is having the client send the server what his map file looks like, server verifies and sends back either an "your ok" message or the correct map file. however, this isn't realistic, in fact if you were doing this you might as well have the server just send the client the map file regardless, but, then again, perhaps the former would be faster since the server would for the most part be downloading and not uploading, unless a person had a corrupt / hacked map.

maybe the client could send the server how big his map file is, and if they dont match up, it is hacked? however, this doesn't make sence, since if a player wanted to change his local map, it would still have the same amount of data in it, unless you had some strange setup in your map format.

Share this post


Link to post
Share on other sites
the bottom line is that you don't care if the client has a correct map. they installed your game so they should have the correct map. if they've tampered with it then they will probably be unable to play. this is not a problem that your game code should handle. it's a problem that your customer service department should handle. it doesn't matter if a client has changed their maps b/c the only map that matters for the world-state of the game is the map on the server. if the client broke their map, then they need to talk with CS about how to fix it. basically they'll have horrible bugs like hitting invisible walls, being killed by monsters they can't see, etc. the base level of checking you do is to verify that they have the same version of the game as the server (you check a simple version number). if the version numbers don't match, you error out and tell them to dl the patch / start an automated updater. if the version numbers match then they _must_ have the correct map unless they tampered with it. generally you don't make things easy for people who knowingly broke the game.

-me

Share this post


Link to post
Share on other sites
Quote:
Original post by graveyard filla
i have a question to throw into the pot.

To answer your question you could always have the client calculate a hash (like a checksum) of the map, then send the hash to the server. The server could then verify the hash. The problem is that this assumes your client to be trustworthy, which is bad because the client itself could be hacked.

Back to your original post, I don't see why sending the map to the client is such a bad thing, as long as the client is able to cache the maps. Compress the maps before you send them if you want. This would let you have pretty dynamic worlds (assuming your game is some sort of mmog, otherwise I don't guess it'd be that important).

Still, I'd say do what others have suggested and have the server verify every nontrivial thing each client does. Don't trust the client at all. Trust. No. One.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

GameDev.net is your game development community. Create an account for your GameDev Portfolio and participate in the largest developer community in the games industry.

Sign me up!