question about mp cheating

hello conitec,
I am working on a mp-game and thought about how players would be able to cheat and how to avoid it.
I think currently the client has too much power because of the ent_create and send_ functions.

With an external program it would be possible to send the server a hostile entity creation request, which could be used to block other player entities, so they are unable to move or create a on all other clients, but your own invisible obstacle and so on...

The other thing that worries me are the send_ instructions for variables and strings, because they update it directly on the server. so you could change some movement parameters and the game would be unplayable, if you update the movement on server and client separated and use the server xyz to correct it. or maybe you could change the the winning conditions or the gamemode. this would always cause some damage to the gameplay, cause crashes( by setting variables to an invalid range) or just give advantages to the cheating player.

so can you please tell me if my doubts are justified? if so could you give the user a way to decide, when he wants a variable to be updated or if a client wants to cheat

Scorpion

You would usually encrypt the traffic in a serious MP game. This will prevent cheating by injection of malicious commands.

Additionally you could protect your server with a password. So that only applications that know the password can connect with the server.
I implemented something like this beside the normal encryption of the traffic in ANet.

okay thx, so I will just trust in the encryption =)

@dark samurai
but can't you get the password somehow, when it's given with the client?

also the encryption has a password. Protecting your passwords/your script is another topic ^^