Let’s say our goal is to create a client that minimizes the hacker surface area as much as possible, so we set up an authoritative server. The client logs in, server validates and sends (encrypted) game data to the client. Already I see a problem… assuming the encryption is broken, hacker has access to all of the game data (ie. access to entire level, loot, monsters, etc…) and can write a client that can see behind walls, through fog-of-war, know precisely where the best loot is located, etc… I would love to know what the latest efforts are in combating these type of exploits; that is, what the major game studios do to prevent hacking the client. Is relying on a very strong encryption algorithm enough? If not, what other schemes are preferred? I can’t seem to find enough information on this topic. One of my thoughts is to provide the client with information on a need to know basis. For an extreme example, the server only sends the client data for what the client can “see”, and as the player moves through the level more data is streamed to the client. The client will never know that a cliff or monster is up ahead until the player is in viewing distance at which point the server sends cliff/monster data to the client. This piecemeal approach prevents the client from having access to information that can get hacked into which can lead to the player having an unfair advantage. The problem I foresee with this approach is that it’s very expensive from a bandwidth and server cpu point of view .
Any thoughts? Books, articles, and/or links would also be appreciated.
El Diablo