• Sign Up Login
  • Features
    • Game Services
    • Real-time Analytics
    • LiveOps
    • Add-ons
  • Game Services
  • Real-time Analytics
  • LiveOps
  • Add-ons
  • Games
  • Pricing
  • Blog
  • Support
    • Docs
    • Forums
    • Contact
  • Docs
  • Forums
  • Contact
  • Sign Up Login
  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Ideas
    • Articles
    • Users
    • Badges
  • Home /
  • API and SDK Questions /
avatar image
Question by Brent Batas · Aug 09, 2019 at 02:54 PM · Custom Game ServersMatchmaking

What would prevent a player from joining a match that he isn't a part of?

This is for servers 2.0. Suppose matchmaking finds a match for some set of players. Then one of those players shares the IP/port with his friend, who isn't in the match.

It seems like the friend can now, with a hacked client, connect to the match by connecting directly to that IP/port.

How can the server know that the friend doesn't belong in the match?

Legacy matchmaking had RedeemMatchmakerTicket (

https://api.playfab.com/documentation/server/method/RedeemMatchmakerTicket) to ensure that the player belonged in the match.

Does server 2.0 have anything comparable?

Comment

People who like this

0 Show 0
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

2 Replies

· Add your reply
  • Sort: 
avatar image
Best Answer

Answer by Citrus Yan · Aug 12, 2019 at 06:23 AM

Hi Brent, according to the new Server 2.0 architecture, it seems that if a hacked client has the IP/port info then it can connect to the server without any verifications, there is nothing server 2.0 can do to stop it. However, you may need to do some authentication logic by yourself like requiring the player to provide some identities when connecting so that the game server could verify them. For example, you require the clients to send sessionTicket to your server and then use AuthenticateSessionTicket to validate the player, if the player is not in the match, kick/ban the player. The basic idea I think is to do verification works before connections.

Comment

People who like this

0 Show 0 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image

Answer by Brandon Phillips · Aug 09, 2019 at 06:18 PM

For us, at least, our game server doesn't allow any more than the max number of connections for a selected Game Mode. For example, if the server is in 1v1 mode, any connections after the second connection will be dropped.

However, you could go the route of using something like GetMatch() and only allowing connections with the players returned in the GetMatch() result.

Comment
Brent Batas

People who like this

1 Show 2 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Brent Batas · Aug 09, 2019 at 08:29 PM 0
Share

Makes sense, thanks for sharing! although it still seems to me that a player can just say "I'm so-and-so" and we wouldn't have any way to verify that without some kind of ticket

avatar image Brandon Phillips Brent Batas · Aug 10, 2019 at 04:19 AM 0
Share

True, although maybe you could get the GetMatchResult from each player and ensure that the members in each result are the same as the connecting members, and if not you could kick/ban the players

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps

    • Follow this Question

    Answers Answers and Comments

    5 People are following this question.

    avatar image avatar image avatar image avatar image avatar image

    Related Questions

    Direct Challenges,Direct Challenges (via FB) 2 Answers

    Matchmake and StartGame returning 500 Internal Server Error 1 Answer

    What happens when a client calls ClientAPI.Matchmake then does not connect to a returned server? 1 Answer

    Am I correct in understanding that SessionCookie will always be blank for matchmade games? 1 Answer

    Test Playfab Hosted Server Without Matchmaking 2 Answers

    • PlayFab

      • Features
      • Games
      • Pricing
      • Blog

    • Engineers

      • Documentation
      • Quickstarts
      • API Reference
      • SDKs
      • Usage Limits

    • Support

      • Forums
      • Videos
      • Contact
      • Service Health
      • Terms of Service

    • Social

      • Facebook
      • Twitter
      • LinkedIn
      • YouTube
    • Privacy & cookies
    • Terms of use
    • Trademarks
    • About Microsoft
    • Jobs
    • Accessibility
    • Diversity & inclusion
    • Security
    • Company news
    • © Microsoft 2019
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Post an idea
    • Create an article
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Ideas
    • Articles
    • Users
    • Badges