Search Unity

  1. Unity support for visionOS is now available. Learn more in our blog post.
    Dismiss Notice

Discussion (+QUESTION) Are there ways to keep games safe with Client authoritative systems? (mirror)

Discussion in 'Multiplayer' started by Simplisticated_Development, Sep 21, 2023.

  1. Simplisticated_Development


    Jun 26, 2023
    Hello all-

    I posted this because I am curious about server/client authoritative-ness and how they relate to hackers (specifically in mirror). I get that "the root of all evil" comes from client-authority, but client authority is much easier when it comes to player movement. Then again, if you build a popular game, client authority can be a real problem. I looked through documentation and I found four broad answers to this issue:

    1. Client authority in development, then server authority before release. (this one is hard because you have to go back and remake your systems)
    2. Don't go big on game economy - if hackers can't make $$, they won't be so tempted to hack
    3. Add scripts on server and client side that check for things like unreasonable speed
    4. make your source code messy so hackers can't easily find simple variables to tamper with
    5. Mirror does provide a few systems to help with server-client relations, apparently
    I also understand that many devs don't need to worry about this, since it's unlikely that a game grows big enough to "earn the privilege of hackers". This is also not an urgent issue for me. I am asking this question to see what the community believes is the best solution to client-side authority hackers.


    Out of curiosity, is there a simple way to do player movement with server authority? (I couldn't find much documentation.)

    Anyway, I am excited to hear from the experts on this predicament for developers.

  2. CodeSmile


    Apr 10, 2014
    1. is just going to be cruel on you unless you can instantly switch modes at any time. Still you need to test with server authority, so there is no real gain in having client auth during dev.

    2. they‘ll hack whatever they like and can

    3. that‘s part of server authority, checking for unreasonable actions or invalid states

    4. definitely the absolute best approach and the only one known to be harmful to a hacker‘s mental health. It is however against the international hacker ethics. Also, the russian mafia will be after you.

    5. cannot comment. I do know that the statement „client authority is easier“ makes no sense in Netcode for GameObjects. There it‘s just a bool in NetworkTransform and all it does is to make the local movement have no latency. Easier to implement it is not. But maybe that‘s because synching a transform requires no coding in NGO.