Question

Online JS-powered browser games seem to be a new and upcoming thing in the game industry, and I have some questions about how developers can counter the following specific issues that arise from a game environment where every player has access to a console that can manipulate the game on the fly.


Item and currency transfers

With something like an in-game currency purchase or sale, we can have the server validate the player's stored currency and inventory data against his transfer attempt to ensure that he isn't trying to transfer resources that he doesn't truly possess.

I see how that's handled.


Real-Time Event Communication

When a player is in a battle situation, he could potentially change his supposed level and perform moves that he is not yet capable of or add to his health, mana, etc.

If we were to wait for server validation on such data values before streaming it out to each client involved, it would cause unacceptable latency and break the real-time flow.

I don't see how that's handled.


The Question:

How can this issue be solved in a JS multiplayer game with real-time interaction?


Solution

For any kind of modern web application, where more logic is being moved to the client side, security does need to be well planned as, realistically, you have to prepare for the fact that someone could rewrite your entire interface for malicious purposes.

You're right that validating every move server side does introduce latency; however, as mentioned by qwertynl above, you could use websockets to minimise it. Developers have produced multiplayer games with real time communication (such as FPSes) for a long time now, so you'd assume there'd be plenty of algorithms and strategies out there for maximising bandwidth and minimising latency. If your game involves any kind of real time communication, you'll already need low latency solutions in place, so adding a bit of validation is not a problem.

For more transactional games, this becomes a lot easier because nothing necessarily needs to be real time. The interface knows your xp, mana etc, so when you perform an action the application adds the action to your outbound queue and responds, predicting the outcome as though the action was successful.

When the action is sent to the server, if the actual result is different to what the client anticipated, due to people tampering with their mana levels, loss of connectivity of another player etc, then the action isn't applied to your internal server side game state, and the server responds with a game state that ignores your past actions.

This method can result in strange behaviours where you're playing and next thing your past few minutes of gameplay vanish, but remember this validation is to protect the game from abusers and poor network connectivity, and is not something that will be encountered by the majority of users.
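
The predict-then-validate flow described in this answer, sketched as an added example that is not part of the original answer or any particular game's code. The class names, the `MOVES` rule table and the idea that the player id comes from an authenticated session are assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, the rule table is constructed.
const MOVES = { jab: { minLevel: 1, mana: 0, damage: 5 },
                fireball: { minLevel: 5, mana: 30, damage: 40 } };
const clone = (o) => JSON.parse(JSON.stringify(o));
// Own-property lookup, so keys like "__proto__" in a message resolve to nothing.
const own = (o, k) => (Object.prototype.hasOwnProperty.call(o, k) ? o[k] : undefined);

class AuthoritativeServer {
  constructor(players) { this.players = players; } // the only trusted copy

  // sessionPlayer comes from the authenticated connection (assumed), never from
  // msg. The message carries intent only; level, mana and health are looked up.
  handle(sessionPlayer, msg) {
    const actor = own(this.players, sessionPlayer);
    const target = own(this.players, msg.target);
    const move = own(MOVES, msg.move);
    const ok = Boolean(actor && target && move) &&
      actor.level >= move.minLevel && actor.mana >= move.mana;
    if (ok) {
      actor.mana -= move.mana;
      target.health = Math.max(0, target.health - move.damage);
    }
    // Reply with the authoritative snapshot whether or not the move was applied.
    return { seq: msg.seq, ok, state: clone(this.players) };
  }
}

class PredictingClient {
  constructor(id, state) {
    this.id = id; this.view = clone(state); this.seq = 0; this.pending = [];
  }
  // Show the outcome immediately and queue the intent for the server.
  act(move, target) {
    const m = own(MOVES, move);
    if (m && own(this.view, target)) {
      this.view[this.id].mana -= m.mana;
      this.view[target].health -= m.damage;
    }
    const msg = { seq: ++this.seq, move, target };
    this.pending.push(msg);
    return msg;
  }
  // Drop acknowledged actions and adopt the server's state, undoing any
  // prediction the server did not apply.
  reconcile(reply) {
    this.pending = this.pending.filter((p) => p.seq > reply.seq);
    this.view = clone(reply.state);
    return reply.ok;
  }
}
```

Because the message contains no stat fields at all, editing level or mana in the browser console only changes what that one client draws until the next reply arrives.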

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow