Microsoft Azure PlayFab logo
    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Add-ons
    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA
  • Runs on PlayFab
  • Pricing
    • Blog
    • Forums
    • Contact us
  • Sign up
  • Sign in
  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges
  • Home /
  • API and SDK Questions /
avatar image
Question by Brent Batas (Lisk) · Aug 09, 2019 at 02:54 PM · MatchmakingCustom Game Servers

What would prevent a player from joining a match that he isn't a part of?

This is for servers 2.0. Suppose matchmaking finds a match for some set of players. Then one of those players shares the IP/port with his friend, who isn't in the match.

It seems like the friend can now, with a hacked client, connect to the match by connecting directly to that IP/port.

How can the server know that the friend doesn't belong in the match?

Legacy matchmaking had RedeemMatchmakerTicket (

https://api.playfab.com/documentation/server/method/RedeemMatchmakerTicket) to ensure that the player belonged in the match.

Does server 2.0 have anything comparable?

Comment

People who like this

0 Show 0
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

2 Replies

· Add your reply
  • Sort: 
avatar image
Best Answer

Answer by Citrus Yan · Aug 12, 2019 at 06:23 AM

Hi Brent, according to the new Server 2.0 architecture, it seems that if a hacked client has the IP/port info then it can connect to the server without any verifications, there is nothing server 2.0 can do to stop it. However, you may need to do some authentication logic by yourself like requiring the player to provide some identities when connecting so that the game server could verify them. For example, you require the clients to send sessionTicket to your server and then use AuthenticateSessionTicket to validate the player, if the player is not in the match, kick/ban the player. The basic idea I think is to do verification works before connections.

Comment

People who like this

0 Show 0 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image

Answer by Brandon Phillips · Aug 09, 2019 at 06:18 PM

For us, at least, our game server doesn't allow any more than the max number of connections for a selected Game Mode. For example, if the server is in 1v1 mode, any connections after the second connection will be dropped.

However, you could go the route of using something like GetMatch() and only allowing connections with the players returned in the GetMatch() result.

Comment
Brent Batas (Lisk)

People who like this

1 Show 2 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Brent Batas (Lisk) · Aug 09, 2019 at 08:29 PM 0
Share

Makes sense, thanks for sharing! although it still seems to me that a player can just say "I'm so-and-so" and we wouldn't have any way to verify that without some kind of ticket

avatar image Brandon Phillips Brent Batas (Lisk) · Aug 10, 2019 at 04:19 AM 0
Share

True, although maybe you could get the GetMatchResult from each player and ensure that the members in each result are the same as the connecting members, and if not you could kick/ban the players

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps
  • Follow this Question

    Answers Answers and Comments

    5 People are following this question.

    avatar image avatar image avatar image avatar image avatar image

    Related Questions

    UE4 PlayFab pipeline interactions 1 Answer

    How can I connect players to the game server? 1 Answer

    What API calls are needed in PlayFab hosted server vs self hosted server? 1 Answer

    how can i make only 1 server build possible to be created by client 1 Answer

    Updating Containers 1 Answer

    PlayFab

    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Runs on PlayFab
    • Pricing

    Solutions

    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA

    Engineers

    • Documentation
    • Quickstarts
    • API Reference
    • SDKs
    • Usage Limits

    Resources

    • Forums
    • Contact us
    • Blog
    • Service Health
    • Terms of Service
    • Attribution

    Follow us

    • Facebook
    • Twitter
    • LinkedIn
    • YouTube
    • Sitemap
    • Contact Microsoft
    • Privacy & cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2020
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Create an article
    • Post an idea
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges