[Question] Replication and cheat protection
In ShooterGame, there is a TimeBetweenShots variable, which I made Replicated, because a weapon (a chaingun) can modify that (its fire rate increases as the user holds the fire button).
Here's the set function...
...which checks for authority before setting:
I have added
My question is, can a hacker modify the
In other words... I want that the variable be replicated only from server to clients, but not from client to server.
asked Mar 11 '14 at 05:44 AM in Everything Else
ue4-archive ♦♦ STAFF
You are pretty close. There are a few things to clarify:
Marking the function as Server, Client, or NetMulticast makes the function replicated. E.g., when a Server function is called on the client the call is replicated to the server and the server executes the body of code (in an _Implementation function. E.g, if you marked SetFireRate as Server, you need to do your work in SetFireRate_Implementation). So just marking that function as Server is probably not what you want.
BlueprintAuthorityOnly is closer to what you want. Marking a function BlueprintAuthorityOnly means that in blueprints, only the server may execute the function (if a client tries to call it, nothing will happen and execution will continue).
Having the Role check in the function body may still be a good idea, since SetFireRate could be called directly from C++ as well.
Property replication does only ever happen server -> client. Clients cannot set properties and have them propagate to the server. The only way clients communicate with the server is by calling Server replicated functions. A hacker could in theory send bogus calls to (only) Server functions (they cannot trick the server into executing non Server functions remotely). Any parameters to Server replicated functions could be compromised as well.
Hackers could also modify anything in memory. So, locally, the client could modify his TimeBetweenShots. In the end the onus is on the server to decide how to handle what the client tells him. E.g, if TimeBetweenShots is what gates rate of fire, which ultimately results in a Server weapon fire function being called - the server should do security checks in that Server weapon fire function.
I hope that helps you.
From my understanding of replication in UE, replication is always server-to-client only. The server is authoritative and adjusts the value, clients have "read-only" access to this value in a sense.
Maintain a good understanding of how and from where code is executed, you should be able to prevent the client from calling functions that modify the TimeBetweenShots unintentionally. To aid with this keep the interface to these types of values to a minimum.
Follow this question
Once you sign in you will be able to subscribe for any updates here