So I’ve been slowly implementing basic multiplayer to a demo project of mine, currently nothing special. I’ve made a few games in singleplayer and have a decent grasp on the engine in that regard, and so far things are going well with my demo project. Outside of Godot I have limited experience in networking, and often when studying multiplayer I read comments in regards on how some people will try to use games to compromise other users PC’s and it’s made me paranoid on continuing to learn how to develop multiplayer games.
Before I become dedicated in attempting to make a multiplayer game, I wanted to know some not-so-obvious do’s and don’ts you may have in regards to creating a multiplayer game? I understand you want to put as much as you can behind the server and to trust the client as little as possible, but is there more to it than that? What are some ways to avoid making a product that can compromise user’s computers? Are the official starter documentation guides to developing multiplayer games in Godot safe ways to begin a multiplayer project? I worry that because I am not savvy enough with networking that I will miss something fundamental and cause harm to hypothetical/potential players.
Thanks for any response
I don’t know a lot about networking. I’ve only attempted and failed to make some small multiplayer games. But, I think that if you were in a position to actually have users with compromised systems, you’d also be in a position to hire an expert to close the breach. Maybe I’m wrong. But to me it seems like worrying about licensing fees. If you actually need to pay them, you’re doing way better than the average indie and probably have the means to take care of them.
I really don’t think you should be too cavalier about it. Games aren’t websites that run in nice sandboxed browsers that handle all your application security. They run quite close to the host system and have some crazy access to files and memory. Some modern anti-cheat that ships with modern games is downright malware!
It’s not about doing thorough security auditing of every packet going over the wire but asking yourself what signals you want your users to send and receive. The modern networking models are so abstracted that devs usually don’t think about it, let alone have any control over it. Something as simple as sharing a save state can be a dangerous attack vector if you don’t know what you are doing.