Questions about multiplayer security and server speed

WimpyLlama

Member
I'm making a PVP/Tower Defense multiplayer game in GMS2 and I'm wondering how secure it is. What I mean by that is, if I store something like, for example, how much damage a weapon does on the client-side, is it possible/how easy is it for a hacker to hack the client and change that value to have an advantage in PVP. If it is possible, I'll have to handle things like that on the server-side of things, which isn't a huge problem. I would just like to know while in this early stage of development.

And while I'm at it I'll ask this now: what is the best language to use for a server? Currently, I'm programming the game's server in Python because 1: I know Python well and 2: I thought it'd be fun to try. I've heard using GameMaker for a server isn't the best, so I plan on not doing that. But are there faster languages? I've heard Java is good for servers, but that's all I know. And probably the biggest question: does it even matter. Is it going to be such a huge difference that I should change to a faster language for the server? (Note: the game is a 4v4 type game, so a maximum of 8 clients connected at once.)
 

FrostyCat

Member
Rule #1: NEVER trust the client. The client can intentionally change an internal value via a hex editor, or unintentionally by being momentarily out of sync, or both.
Rule #2: Infrastructure and architecture affect scalability much more than the choice of language. Choosing Java over Python or vice versa won't magically make a non-distributed architecture scale, nor will it magically let a home server handle 10000 connections at once.
 

WimpyLlama

Member
One more question: if I shouldn't trust the client, what do I do for things like movement? Do I just send the player's inputs to the server and have it calculate movement and collision then send back the x and y position to the client? And even if I did, how? The server can't exactly use things like place_meeting to test for collision and such.
 

FrostyCat

Member
In a centralized architecture, clients only send input, and the server filters the input and sends back updates.

If you don't have place_meeting() on the server, you use basic collision detection formulas to build an equivalent of it. The one built into the GM engine didn't come out of thin air.
 

WimpyLlama

Member
Okay, thank you. This is becoming a more daunting task than I thought, but that's okay. It's time I had more of a challenge anyway!
 
Top