Sign in to follow this  
Chris Reynolds

Persistant character storage in a P2P game

Recommended Posts

I'm in the process of writing an online game. Their is a master server that connects clients to a lobby in which players will challenge eachother to matches that take place off the master server, and on a client to client connection. I want to keep usernames, passwords, and character stats as reliable and persistant as possible, and store them so that cheating is hard. What is the best way to go about doing this? Do I save all user information on the master server? I've looked into Postgresql thinking I could store everything in a secure database, but I can't even begin to understand the workings behind that. Thanks in advance

Share this post


Link to post
Share on other sites
Yeah, storing it in a database on the server is probably the simplest solution. At the end of each game, you'd have each client send what it thinks all the other clients should have scored so that no one could cheat (though they could all be in cahoots, I suppose).

Storing the information in a database like postgresql or mysql or whatever is quite common. If you feel that's a bit complex for your situation, you can store it in a simple text/xml/whatever file to begin with, and move on to a database when your game becomes more popular. The great thing about working on server-side stuff is that you can completely change the back-end and as long as the public interface stays the same, everybody is none-the-wiser!

Share this post


Link to post
Share on other sites
Quote:
Original post by Chris Reynolds
I've looked into Postgresql thinking I could store everything in a secure database, but I can't even begin to understand the workings behind that.

In that case, you better start where everyone who deals with databases starts. Namely, here. You need to grasp these concepts before you move on to using an SQL database.

Share this post


Link to post
Share on other sites
Hmm, looks like I better get my nose back into PostgreSQL.

Good thing is the newest versions of RakNet are now supporting it and will soon have Ranking and Clan support. Might as well switch over to RakNet, that might make things easier for me.

Thanks for the replies

Share this post


Link to post
Share on other sites
If you really want to understand things then look into: DBMS cow book

Awesome book that explains E-R diagrams and other ideas along with normalizing a database and relational algebra/calculus not that you ever need to know it to design a table and such :\

Share this post


Link to post
Share on other sites
Quote:
Original post by Chris Reynolds

and store them so that cheating is hard. What is the best way to go about doing this?
Storing it is not hard.

The impossible part is preventing cheating in P2P model.

If you only support server/client model, then choose storage of your choice - it will not impact security.

In P2P model you lose authority. It doesn't matter who is storing the data - it's who can modify it. The only viable ways to prevent cheating is to simply allow it, or to empower only a trusted entity to modify the data (central server under your control).

Other ways are possible, but are mostly not viable for this purpose.


If matches are simulated deterministically, then after a match is complete, players would upload full replay, and it would be played by the server again to determine the results. This is semi-viable, since it requires careful coding as well as potentially considerable server-side resources - you might as well run everything on server.

This also prevents only some forms of cheating, there is nothing to arrange matches in such a way to ensure optimal progression of select few players (mybrute is an example of a game that can be exploited in such a way).

Share this post


Link to post
Share on other sites
You might consider the way "realm" Diablo 2 works.

But keep in mind those games are hosted by the server, not clients. There's really no easy to way to trust a P2P network. Either the server hosts the game and it's the authority, or it does not and the data must be assumed to be false.

Cheating, of course, takes motivation and time, for a game that is small and not played by many people, you could get away with it for a while (or forever). But obscurity is not good security, unfortunately.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this