Search Unity

  1. Unity 2018.3 is now released.
    Dismiss Notice
  2. The Unity Pro & Visual Studio Professional Bundle gives you the tools you need to develop faster & collaborate more efficiently. Learn more.
    Dismiss Notice
  3. We've updated our Terms of Service. Please read our blog post from Unity CTO and Co-Founder Joachim Ante here
    Dismiss Notice
  4. Want to provide direct feedback to the Unity team? Join the Unity Advisory Panel.
    Dismiss Notice
  5. Improve your Unity skills with a certified instructor in a private, interactive classroom. Watch the overview now.
    Dismiss Notice

P2P and database interactions

Discussion in 'Connected Games' started by lejean, May 17, 2018.

  1. lejean


    Jul 4, 2013
    I'm working on a shooter game which uses PUN so is p2p atm.

    The game will have a database to save the player data like points/gear and what not, but if one of the players is the master client, this mean cheating is possible.

    So if some player gets experience for a kill which gets saved in the database f.e. how exactly do I make it secure so that a player can't just run the database code multiple times to farm XP?
  2. Joe-Censored


    Mar 26, 2013
    You really can't. The closest you can get is having a central server under your control that handles all assignments of experience and gear, which authenticates any data sent from clients and looks for impossible or unusual behavior.
  3. newjerseyrunner


    Jul 20, 2017
    Authentication and cheat detecting.

    First off, make sure that you can't simply sniff a request out in Fiddler and resend it over and over again. You can use session cookies and timers parameters for this.

    Then server-side you should have your own cheat detection systems. Common checks are for sudden fast movement around a map. If a player is teleporting around, they are most likely cheating. You can also monitor what types of objects they get and make sure that they're not getting end-of-game weapons in the first level by hacking the commands. The best thing to do would be to have your anti-cheating mechanism send you an alert to manually check out what's going on, especially if it's a single player game where someone may be doing something strange but not cheating (like speedrunning.)