question

Brent Batas (Lisk) avatar image
Brent Batas (Lisk) asked

What would prevent a player from joining a match that he isn't a part of?

This is for servers 2.0. Suppose matchmaking finds a match for some set of players. Then one of those players shares the IP/port with his friend, who isn't in the match.

It seems like the friend can now, with a hacked client, connect to the match by connecting directly to that IP/port.

How can the server know that the friend doesn't belong in the match?

Legacy matchmaking had RedeemMatchmakerTicket (

https://api.playfab.com/documentation/server/method/RedeemMatchmakerTicket) to ensure that the player belonged in the match.

Does server 2.0 have anything comparable?

MatchmakingCustom Game Servers
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
Citrus Yan avatar image
Citrus Yan answered

Hi Brent, according to the new Server 2.0 architecture, it seems that if a hacked client has the IP/port info then it can connect to the server without any verifications, there is nothing server 2.0 can do to stop it. However, you may need to do some authentication logic by yourself like requiring the player to provide some identities when connecting so that the game server could verify them. For example, you require the clients to send sessionTicket to your server and then use AuthenticateSessionTicket to validate the player, if the player is not in the match, kick/ban the player. The basic idea I think is to do verification works before connections.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Brandon Phillips avatar image
Brandon Phillips answered

For us, at least, our game server doesn't allow any more than the max number of connections for a selected Game Mode. For example, if the server is in 1v1 mode, any connections after the second connection will be dropped.

However, you could go the route of using something like GetMatch() and only allowing connections with the players returned in the GetMatch() result.

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Brent Batas (Lisk) avatar image Brent Batas (Lisk) commented ·

Makes sense, thanks for sharing! although it still seems to me that a player can just say "I'm so-and-so" and we wouldn't have any way to verify that without some kind of ticket

0 Likes 0 ·
Brandon Phillips avatar image Brandon Phillips Brent Batas (Lisk) commented ·

True, although maybe you could get the GetMatchResult from each player and ensure that the members in each result are the same as the connecting members, and if not you could kick/ban the players

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.