• Hey! Guest! The 37th GMC Jam will take place between May 28th, 12:00 UTC and June 1st, 12:00 UTC. Why not join in! Click here to find out more!

Can you make a game rule to your online players to NOT take advantage of your game bugs?

Lets say you wrote a really cool game that is a online MMORPG. In the game, which you do not know , there is a bug in your programming that allow players to have a unfair advantage ( e.g. get free money for nothing ) over other players who play the game fairly. You dont know about it this bug, so as a game rule with all the players who use your online game, you tell all your players that they can not take advantage of your software bugs if they find them.

Now in my opinion, that just means your game was not thoroughly tested to find all these bugs. Maybe your beta testers are not spending enough time to find these bugs that players in the game can find. I dont know.

Is this a sign of sloppy software development? Thats the question .....

A long time ago, I used to play a online game called Runescape by Jagex , and in their game rules with their players , they have this exact rule that, if you find a bug in their software that, "Players must not use or attempt to use any cheats or errors which they may find in our software." They still have this in their rules. Even if it seems like a fair rule, how many players do you think in their right mind are going to follow it, if they cant get caught by moderator, because its a bug in the game that has not been corrected?

Look at this, from Runescape's website :

Scroll down to the section titled :
Knowingly Exploiting A Bug


What do you think, would you make the same game rule with your online players of your game?


I think that the rule is probably independent from how the game has been developed, it's just a safety net. You can never be 100% sure you don't have bugs that allow others to have an unfair advantage or blatantly cheat, that rule is not preventing them from doing so, but may give you the right to ban user accounts in case you are able to track this behavior to specific players.
It is not a big deal probably in free games without any kind of monetary transactions, but think about online games where you can spend real money: suppose you find that one of the users that is taking advantage of a bug spent quite a bit of money as well, and you get why it may be lead to some complex scenarios.
Last edited:
You can do what you want, it's your game, but you as a programmer can fix bugs and avoid exploits. TF2 took out rare glitches after like 6+ years.


You absolutely should add this rule, there's no harm in having the rule even if you don't actually enforce it ;) That being said, you really need to be careful with online games, this "rule" is just your extreme last ditch safety net. You should have some kind of backup plan, like rollbacks or something to deal with situations, and you should have public betas before even thinking about releasing fully. Banning players every few days for exploits is basically going to get you a lot of flak, and generally speaking, you want to be handing out suspensions or whatnot first. But even rolling back data is a last ditch TBH, you should really just be ultra careful when you make online games, maybe even add in some defensive code to deal with a variety of problems you think might pop up.
@Catastrophe Well Runescape, as far as I know is written in Oracle's Java, which is a client side app, but what if the game online is a server based since GMS:2 games are converted to Javascript ( which is not the same language as Oracle's Java ) ? Do I still need this rule?


The language you write your game (or server) with doesn't really matter, in general making a game "secure" means NEVER trusting the client data, you work under the assumption that the client is able to freely modify the client code and data you get.

Java is just a language (and has little to do with javascript). You can write both client and server apps with it. Moreover, server based games are not converted to javascript in GMS (unless you are using the HTML5 export), you can write a server app for your game for every target. The server itself needs to be able to run it, exporting a linux server for a windows machine is obviously useless.
Last edited: