Security using serverside extension
Posted: 27 Jul 2018, 10:28
Hello community!
Now i'm among us.
It took a lot of time to understand how smartfox working, also i'm a bit upset, because serverside documentation ain't providing any examples. (i don't mean on site, like unity in documentation)
So i decided to do a small easy-stupid game, typical MMO with player who can only move and rotate, also the "game screen" is same size that just one player screen.
And problems i've met:
1. I'm a bit old-type developer, so i don't like to implement some features. For example i do not like to implement MMORooms if i can create it by myself. Also i didn't find any documentation what does it change. In examples part (as ObjectMovement e.t.c.) there's NEVER SERVER SIDE CODE, only client-based. I understand that maybe it because it uses basic server features that doesn't require any server side code, but in those cases you can just send any (x, y, z) values you want, what is insanely big for cheater. Hello speedhack.
So i must simulate all processes on server. Create players array with payer classes and client only makes some messages like "start moving up" and all calculations are done on serverside either, server only returns with messages to all players new calculated position. But in this case...
2. If i'm making movement using Unity Physics system... How do i calculate it? How do i implement it to Java? Looks like i can't use it. Currently i stopped at just using strict transform.localPosition changing on certain amount - this is what easy to calculate on server.
Maybe MMORoom provides some basic protection from cheating? So there must be something like "speed" global parameter. But what's with teleports?...
W/e. So if i decide to make cheat-safe game I just want to make all by myself. Should i just create usual game room and then using extension make all game being server-side, while client only draws graphics and makes communication between client and player? That's kinda obvious but the real question is - am i right and all smartfox basic features aren't cheat-safe?
3. If so, b.t.w, what should i use as a timer for whole game - Thread or taskScheduler? (like how ofter should i calculate new player positions, for example 60 times per second).
Maybe i asked generic or repeatable questions, but sorry if so - i didn't found any documentation forum themes or solutions.
4. Small q: max 20 users in room for free version - but in dmin panel i can change it for example 30. Is it a trust-based features that I must stick to, otherwise I can be judged?
Also i wanted to thank Lapo for such detailed and useful answers, which i was reading throught development cycle on forum ^^.
Now i'm among us.
It took a lot of time to understand how smartfox working, also i'm a bit upset, because serverside documentation ain't providing any examples. (i don't mean on site, like unity in documentation)
So i decided to do a small easy-stupid game, typical MMO with player who can only move and rotate, also the "game screen" is same size that just one player screen.
And problems i've met:
1. I'm a bit old-type developer, so i don't like to implement some features. For example i do not like to implement MMORooms if i can create it by myself. Also i didn't find any documentation what does it change. In examples part (as ObjectMovement e.t.c.) there's NEVER SERVER SIDE CODE, only client-based. I understand that maybe it because it uses basic server features that doesn't require any server side code, but in those cases you can just send any (x, y, z) values you want, what is insanely big for cheater. Hello speedhack.
So i must simulate all processes on server. Create players array with payer classes and client only makes some messages like "start moving up" and all calculations are done on serverside either, server only returns with messages to all players new calculated position. But in this case...
2. If i'm making movement using Unity Physics system... How do i calculate it? How do i implement it to Java? Looks like i can't use it. Currently i stopped at just using strict transform.localPosition changing on certain amount - this is what easy to calculate on server.
Maybe MMORoom provides some basic protection from cheating? So there must be something like "speed" global parameter. But what's with teleports?...
W/e. So if i decide to make cheat-safe game I just want to make all by myself. Should i just create usual game room and then using extension make all game being server-side, while client only draws graphics and makes communication between client and player? That's kinda obvious but the real question is - am i right and all smartfox basic features aren't cheat-safe?
3. If so, b.t.w, what should i use as a timer for whole game - Thread or taskScheduler? (like how ofter should i calculate new player positions, for example 60 times per second).
Maybe i asked generic or repeatable questions, but sorry if so - i didn't found any documentation forum themes or solutions.
4. Small q: max 20 users in room for free version - but in dmin panel i can change it for example 30. Is it a trust-based features that I must stick to, otherwise I can be judged?
Also i wanted to thank Lapo for such detailed and useful answers, which i was reading throught development cycle on forum ^^.