I have made a simple 2D game for Android where you have to shoot something and the score is how much time you survive. This score is sent to a database server based on Node.js and MongoDB, which sends back a leaderboard of the top 10 players.
I want to offer monthly prizes to the first highest scorer of the respective month. Such monthly prize will be in money.
Because there will be money involved, I anticipate cheating at a high level.
How can I securely send the true score made by the respective player to my database?
My biggest problem is that my source code can be easily decompiled and the game tweaked to show the highest score possible, which is then sent by the app to my database.
I searched a lot and it seems that a dedicated server running instances of the game based on user inputs is the most secure way. But it raises questions of lag and also memory hardware requirements on the server’s side.
If you were in my place, how would you solve the problem, or at least do you have any ideas on how to make the cheaters’ life hard? Not giving prize money is out of the question.
Thank you
If money is on the line here, you don’t trust the client. Ever. Even for scoring. Even for “I killed something!” events.
You want the server to handle the important game logic, and the client is only responsible for graphics and sounds.
Thanks. Is there a Unity tutorial for bringing the game logic into a server and the client only handles graphics and sound?
I wouldn’t send out any prizes worth anything if you’re basing it on any value that comes from a client, otherwise you’re just acting as a cheater welfare system. What BlackPete is talking about is structuring your game with a Client/Server architecture.
The game world is simulated on the server, and your client sends movement or action commands to the server. The server authenticates these as valid and performs the movements or actions. The result of that is sent back to the client, as well as any syncing of other non-player objects. Any score is tallied on the server and only the server, and sent directly from the server to the DB. The client has no direct access to the DB. Any values you think need to be displayed on the client from the DB or pushed to the DB by the client, instead are grabbed from the DB by the server and provided to the client or are pushed from the server to the DB instead of from the client.
There are lots of networking tutorials for the various networking APIs available. If you are interested, research the various APIs to see what feature set best matches your specific need, and start on one of its tutorials. Focus on how to implement a dedicated server rather than a peer-to-peer game.
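The server-authoritative design described in the replies above, as an added example that is not code from any poster in this thread: a Node.js session object that validates each client command and derives the survival-time score from the server's own clock. All names (`GameSession`, `applyCommand`, `leaderboardEntry`) and the limit values are hypothetical assumptions.

```javascript
// Added example; names and limits are hypothetical, not from the thread.
const ARENA = { w: 100, h: 100 };
const MAX_SPEED = 20;        // units per second the server allows (assumed)
const MAX_CMDS_PER_SEC = 30; // per-session input rate limit (assumed)

class GameSession {
  constructor(playerId, now) {
    this.playerId = playerId;
    this.startedAt = now;      // server clock, never a client timestamp
    this.lastCmdAt = now;
    this.windowStart = now;
    this.cmdsInWindow = 0;
    this.pos = { x: 50, y: 50 };
    this.alive = true;
    this.endedAt = null;
    this.rejected = 0;         // count of refused commands, useful for review
  }

  // Validate one client command against server state; true if applied.
  applyCommand(cmd, now) {
    if (!this.alive) return this.reject();
    if (now - this.windowStart >= 1000) { this.windowStart = now; this.cmdsInWindow = 0; }
    if (++this.cmdsInWindow > MAX_CMDS_PER_SEC) return this.reject();
    if (cmd.type !== 'move' || !Number.isFinite(cmd.dx) || !Number.isFinite(cmd.dy)) {
      return this.reject();    // unknown command types (e.g. "score") are refused
    }
    const dt = (now - this.lastCmdAt) / 1000;
    if (Math.hypot(cmd.dx, cmd.dy) > MAX_SPEED * dt + 1e-9) return this.reject();
    this.pos.x = Math.min(ARENA.w, Math.max(0, this.pos.x + cmd.dx));
    this.pos.y = Math.min(ARENA.h, Math.max(0, this.pos.y + cmd.dy));
    this.lastCmdAt = now;
    return true;
  }

  reject() { this.rejected++; return false; }

  // Called only by the server's own simulation when the player is hit.
  kill(now) { if (this.alive) { this.alive = false; this.endedAt = now; } }

  // Survival time in ms, computed from server timestamps only.
  scoreMs() { return this.alive ? null : this.endedAt - this.startedAt; }
}

// Build the DB record from server state; any score in clientMsg is ignored.
function leaderboardEntry(session, clientMsg) {
  const scoreMs = session.scoreMs();
  return scoreMs === null ? null : { playerId: session.playerId, scoreMs };
}
```

A high `rejected` count on a session is a cheap signal for flagging an account before any prize is paid.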