hi,
In the documentation for the statistics it says
"Find and activate "Allow client to post player statistics"
But please note that doing so disables a security layer for your title, allowing players to post arbitrary scores to all of their statistics. If your game has any competitive play aspect, we would recommend that you never post statistics from the client."
So my question is, what is the best and most secure approach for saving a player stat (eg Trophy Count)? Should I send the new value to a cloud script that can run additional checks (eg time since last statistic change, how big is the change since the last update etc) before going ahead and saving the new value?
Thanks
Answer by Brendan · May 16, 2018 at 01:57 PM
The best and most secure way would be to have a custom game server (dedicated server) which the client connects to, and which controls the authoritative simulation of the game session. It would report statistics directly, and you would not turn on the client's ability to write stats. That way, you know that stats are always correct (as much as reasonably possible).
The next best would be to use Cloud Script. So, you'd have the client report stats at the end of a session, and the Cloud Script would check what it can - time since last stat report, actual value of the stats reported, etc. - to try to block players from cheating by reporting bogus stats.