It is exactly that simple. You already have to account for latency because everyone but one player (who you also can’t trust no matter how many rootkits you install) is not the server. Having a proper server doesn’t change that in any way.
Client side validation cannot possibly provide any actual security, but even if that wasn’t the case and it was actually flawless, it would still be unconditionally unacceptable for a game to ever have kernel level access.
Yes, people can still cheat with a camera and manipulating inputs. There will never be a way around that.
But that’s entirely unchanged by adding malware, that, even if it could theoretically work, should be a literal crime with serious jail time attached. Client side validation is never security and cannot resemble security.
There are lots of options such that you can tune your false positive/negative rate. 🤷♂️ Tons of ways you can structure this depending on your game’s tech.
No options that resemble legitimate or evidence based in any way.
If a computer has the exact same input and output tools as a human, you cannot possibly do better than guessing. It is a literal certainty that you will ban legitimate players doing nothing wrong for being too good if you try, and it’s unconditionally not acceptable to do so.
I’m not sure why you think I’m saying client side is better when I called it malware.
There is no approach that is theoretically capable of doing anything at all to impact a camera and automated inputs, and there is no way of trying to do so that is acceptable. It’s simply a reality of online gaming.
Your core premise is broken. Relying on trusting anything from a remote client cannot possibly result in a fair game.
It’s not that simple. Especially not for real time shooters, latency is a killer.
It is exactly that simple. You already have to account for latency because everyone but one player (who you also can’t trust no matter how many rootkits you install) is not the server. Having a proper server doesn’t change that in any way.
Client side validation cannot possibly provide any actual security, but even if that wasn’t the case and it was actually flawless, it would still be unconditionally unacceptable for a game to ever have kernel level access.
Too bad the server at least needs the player input data.
Yes, people can still cheat with a camera and manipulating inputs. There will never be a way around that.
But that’s entirely unchanged by adding malware, that, even if it could theoretically work, should be a literal crime with serious jail time attached. Client side validation is never security and cannot resemble security.
There are ways to detect and stop that, but they can and should happen on the server, not on the client.
Only if you’re OK banning real people.
There are lots of options such that you can tune your false positive/negative rate. 🤷♂️ Tons of ways you can structure this depending on your game’s tech.
No options that resemble legitimate or evidence based in any way.
If a computer has the exact same input and output tools as a human, you cannot possibly do better than guessing. It is a literal certainty that you will ban legitimate players doing nothing wrong for being too good if you try, and it’s unconditionally not acceptable to do so.
Client side anti-cheat faces similar issues, and there unlike your server you don’t control the hardware.
I’m not sure why you think I’m saying client side is better when I called it malware.
There is no approach that is theoretically capable of doing anything at all to impact a camera and automated inputs, and there is no way of trying to do so that is acceptable. It’s simply a reality of online gaming.