I’m not sure if the following should be server or player responsability, since I really don’t know how possible cheaters could abuse it.
In my game there’d be about 50-100 units at a time, all of them moving. They are not directly player controlled, instead players can interact with the world and the units will move accordingly. So their movement is script-controlled.
I wonder if it’d be save to have each client calculate their units movement on their own? It would remove a lot of calculations from the authorative server. Note that the server would still control all relevant operations like attacks, damage, experience etc.
I guess the real question is, how can cheaters modify their client? Can they at all? Can they modify the scripts or just data that is send to the server? How would a Speed-Hack work?
There’s a pretty simple rule: Anything you leave up to the client they can modify. If you leave movement up to the clients they can change it as they see fit.
Let the clients move them on their own, but have the server move the “real” ones at the same time, send corrections back to the moving client when the server detects too large a delta. I don’t know enough about your game mechanics, but a speedhack wouldn’t be possible because the server wouldn’t allow it, or the perceived speed increase would only be happening in the cheating player’s game.
Your description sounds interesting though, what do you mean by that? The interact with the world thing?
The game is somewhat similar to games like Dungeon Keeper, meaning that you cant command your units directly. Instead they will search for tasks you created by interaction with the world (construction, destruction of stuff for example).
Something you may have to worry about with client-controlled units is, even if you check for a speed hack, you have to make sure they don’t “jump” through walls and doors that are near.