I was playing a multiplayer FPS powered by Play Canvas and noticed that a player was getting positional advantages like flying (something that is not possible playing honestly) and infinite ammo
I imagine this player was manipulating Javascript to gain these advantages.
Based on that, is there any technique or way to prevent or make it difficult for a malicious player to manipulate Javascript in a multiplayer game?
Hi @Mesquita1991,
It’s true that JavaScript makes it easier to hack the client, but similar problems face native games as well.
The solution is simple: never trust the client. Validate all gameplay on the server, that is called authoritative multiplayer.
For example instead of sending position updates to the server send user input (keys pressed). On the server validate that the input executes a valid action and network the action to all connected players.
There is plenty of literature online on the subject, try some internet searches.
2 Likes
+1 on what Leonidas has mentioned regarding authoritative server models
You can make it harder to do JS side client hacking using an Obfuscator like https://obfuscator.io/ but that will only help so much
3 Likes
The movement example was very enlightening. Thank you very much!
Thank you for the tip. It will help me a lot.