I already have logic in a cloudscript to detect if players equipped items they shouldn't own, but how do I actually prevent them from instantiating different items than what's stored in their UserInternalData?
Since the instantiation happens on the client side, they can just ignore their data and spawn a different item right? And to my knowledge there is no way for a cloudscript to handle the instantiation.
So how would I do that?
Thanks.
There is no solid solution to completely avoid client cheating, but the data that sync and upload to the server can be verified. UserInternalData can only be updated via server API and cannot be changed by players.
Cloud Script cannot directly monitor the states of a client, but when a match ends, players need to upload the scores or result to your function. There can be few gaming statistics that can be tracked during the game, for example, if the time that the player costs is reasonable, or if the score is within a theoretical range. Besides of this, you may consult anti-cheating related community for dedicated support.
"but the data that sync and upload to the server can be verified"
Yeah but the main problem is that players can just ignore what's stored in their data and instantiate what they want, is there no solution to that?
I am not an expert on it but, usually, an online game requires integrity checking to prevent cheating, and there are many external anti-cheating service providers (for example, Easy Anti-Cheat), which requires extra efforts to implement. You may also do root check (on Android), processes check (malicious plugins on PC), etc.
It is more common in a real-time game and besides of client-side checking, because there is multiplayer servers, clients will need to communicate with server in time. It doesn't matter what spawns on the client because eventually only actions on server will be counted. Meanwhile, for a near-time game, only the data uploaded to the server matters. You can monitor each step of a player's action, but each data reads & writes will be metered for the cost. This is also determined by the genre of your game.
list of hacking techniques that you and your employees should know about and take every ecommrece platform possible step to avoid Phishing.
Bait and Switch Attack. Key Logger. Denial of Service (DoS\DDoS) Attacks. ClickJacking Attacks. Fake W.A.P. Cookie Theft. Viruses and Trojans
Your not going to be able to stop it. It will really depend on the logic.
If the client does all the damage or whatever calculations as well. You won't be able to stop it.
Only things that are done on an external server will be able to stop it.
And then it would just stop the server logic, they could still hack the client to show something different than they should have.
It just would only be a visual effect since the server would know what they are really using and react accordingly.
As seth mentioned you can only try and verify things if its all client side on playfab before issuing rewards or other things. But its probably a loosing battle. Unless you introduce time.
Can not claim rewards or finish levels faster than X minutes.
At least you can somewhat control the amount of rewards given out. But can't control them say getting a perfect score every time.
But timeout can lead to bad experiences incase something crashes and they restart before the minimum time.
All about trade offs and your game, and whats important to protect and at what costs.
11 People are following this question.
