Is there really any point to making a client-server game authoritative?

In most client-server games I've played, like Gears of War, Halo, many PC titles with server browsers, the host is a player in said game.

So what's the point? What keeps the host from cheating, and people who want to cheat from just hosting their own games?

Also, if you're making an iOS game... to what lengths would the cheating party have to go to cheat? I imagine it'd be way more non-trivial than a PC game, right?

 

If people can cheat, they will. You only have to look at the online high scores for Bookworm to figure that out with scores of ninety-nine billion but only a few seconds played. If you want your legitimate, casual players to feel they are on equal footing, you need to take your client security very seriously. It is a prime feature, just like installer, game play, marketing, graphics, etc. It is not a second class citizen. Not every game needs an authoritative server, not all aspects of a game need an authoritative server, but you should be prepared to provide for it if your game warrants it.

 

Yeah, I understand all that, but it doesn't really address my question (you're overlooking the client-server/host as a player bit).

My point was: no matter how authoritative you make a game with client-server architecture where the host is a player, people can still cheat (the hosts). So what's the point?

 

Speed of connection, speed of development and total cost of development

Speed between clients. The bandwidth available between players is usually faster, as an average of what each player needs, than it would be if they used a data center that requires large bursts of low-latency data. FPS game server requirements are different to MMORPG game server requirements and are again different to a regular web server requirement.*

Speed of development. It is usually faster to develop a client-server architecture as an encapsulated unit than it is to figure out all the wrinkles of a dedicated server architecture. It is not just the speed of developing the software either, but the speed of developing the workflow, the processes, the testing, the training of server personnel, the database and so on. It all adds up.

Cost to developer of hosting dedicated servers, providing bandwidth and support personnel for the lifetime of the game.

* Also, realise that if a company like Blizzard can engage two full-time engineers for a period of four months on the task of reducing the required bandwidth of each player by 10%, at which we can estimate that it cost Blizzard close to $200,000 to get that bandwidth reduction, how much does Blizzard save over the course of ten years with 12 million players when their bandwidth bill has been reduced by 10%? It's the same principal that a consumer product, say a Nintendo DS, will be given to a product optimisation engineer whose sole job is to reduce the component count in the device. It might cost Nintendo $50,000 to redesign the device and all the engineer will have done is remove 1 screw, reducing the total cost by a fraction of a penny in physical hardware, but now there's one less screw to put in the device during assembly, there is a little bit less training to be done for the support personnel to take the device apart. Multiply all those little savings by a few tens of millions of Nintendo DS units sold and suddenly you are talking real money.

 

Yep... so that covers the benefits of developing a client-server game.

But what are the benefits of making it authoritative? Some players will still be able to cheat, as I pointed out earlier. At least making it non-authoritative would even further increase the speed of development. I see little to no benefit to making it authoritative.

 

It seems, taht you have not understood the term "client-server". if a player is a host, then this is a peer to peer approach with a masterserver, not a client-server-approach, as there is no gameserver, just the masterserver and the clients.
For such a p2p solution there really is no point in making the host authoritive, as you will gain nothing by it.
In a client-server appraoch, the host is a gameserver on seperate hardware, which is not avaiable to the player and where no client is running on, that can be controlld by the player (only eventually serverside ai-clients, if your game needs those).
So in a client-server approach making the server authoritive will make cheating very hard for the parts of the game, which are checked by the server, as you would have to hack the server therfor.

 

That is fundamentally incorrect. A networking approach in which the server is a player is still very much considered client-server so long as the server is in control of everything. The only time a network is peer-to-peer is when resources and workload are shared among peers and all clients are able to directly send data to other clients (which they cannot in Unity's player-hosted networking).

 

Well, that might be just a different understanding of p2p term ).
Besides that, I agree with Kaiserludi!
Thoughts by JustinLloyd are also good .

...Afaik, on iOS not a big % of people attempt to cheat.

Both autoritative and non-authoritative options are OK - it depends on your game.
If you're concerned with cheating (like authors of world of tanks for example) - you would go with authoritative solution.
A big percent of cheaters can, I suppose, kill your game in some cases (as normal players would leave and play something else).

 

Authoritative is a bit overused, I think. Never trust the client is a good mantra, but that doesn't mean reaching for the brute force approach. For example, a player can't move through walls, or move faster than a certain speed. Rather than the server taking all control and telling the client where he ends up when he presses forward, let the client do it, and the server check it, and only send a correction from the server if it's out.

 

Oh and if you're letting players host their own games, you're pretty screwed.

 

For a start you've got far fewer potential cheaters as only the host can cheat... and it's very easy for people to simply blacklist them as long as you have a simple 3rd party (e.g. dev controlled) user account verification.

 

Haha, what makes you say that? You mean just from a cheating perspective?

 

the real question is how tp do it without making the player unlock his port

 

That's easy, just use a relay service like PUN for example.