Server sided score calculation? Better for security, or too shitty for processing?

Wetter42 · 2023-09-10T10:03:11.564Z

Hey yall!
For my server, I have an arbitrary point calculation which takes things into account like player location, landing gear, pitch, etc, etc, however, it’s all currently calculated client sided.

I was looking at links like this:

How hackers can exploit your servers and what to do about it Server Discussion

Here is a way on the server side to stop players from spawning in fx local resourceWhitelist = { "moniter", "core" -- Add other resource names here } -- Utility function to get the resource name from the source local function getSourceResource(src) local resourceName = GetCurrentResourceName() if src and source ~= 0 then resourceName = GetInvokingResource() or resourceName end return resourceName end local fxWhitelist = { "FX_E…

and this:

[TUT] Securing Your Server Server Tutorials

Thx. I have found a better tool than “dia”. Dia url program. I have found a better tool than “dia”. A tremendous laziness to do it with “Dia”, however “draw.io” offers much more facilities. [image] A slightly longer summary of the previous text or at least what I understood as a programmer to be done and the problem referred to in this post. Correct me if I am wrong @ioerror

and am following along with the theme here. Although the server is p2p in some ways, it shouldn’t be in the critical ones.

That brings me to my question. For things like ‘score calculation’ where factors play into a total score, and the score is calculated for every player every time some condition is met, I know it’s possible to calculate the score on the server, but is it economical / reasonable? I wonder if too many score calculations running at once can start to eat away at the resources of the server.

Maybe it’s because it’s late and can’t think straight, but does anyone do this on a server? And if so, how do you find the balance between running the calculation securely - preventing manual / client sided manipulation and ensuring you keep optimal performance?

I’d love to hear your feedback / thoughts. Feel free to go as deep as you’re comfortable going!

Thanks as always for your contributions! 'ppreciate cha!

matahombres · 2023-09-10T10:35:51.478Z

Actually event protection is generally used for events that add items, give money, etc.

For example:
A non-protected script would be something like:

RegisterNetEvent('myscript:server:event1',function(itemType, amount)
  local src = source
  exports.ox_inventory:AddItem(src, itenType, amount)
end)

Basically, you try to protect what can be potentially dangerous for a server.

Calculations that have to do only with a client or with the client’s action are done on the client and that’s it (at least that’s what I do).

If you consider that it could be potentially dangerous for your server for a client to modify that data, then protect it. Otherwise, it is not necessary

As I suppose it is a drift script…
Is your server only drifting?
Is it just a mini-game with rewards that doesn’t have much impact?

Ask yourself these questions

Wetter42 · 2023-09-10T10:45:31.011Z

Absolutely great points, but in the case of my server - or at least its plans, the calculations will be one of the most important features of the server as it’ll directly translate to it’s ‘xp’ so to speak. I fear it becomes abusable. In any event, does that mean I should spend more effort validating if moving the code server side isn’t realistically possible?

matahombres · 2023-09-10T10:55:48.746Z

Mmm… it’s hard to say. Since I don’t really know what kind of script you are trying to do and how you are doing it.

If it “triggers” for example: If it’s an event that requires you to have started a race or be in a race with a limited time. It shouldn’t give you much trouble as long as you check on the server that the person is in the event/race.

Since to make a sploit requires some time to do so.

My point is the following: A car store is not the same as a racing script.
The first one is always available and for everyone.
The second is in a limited time and space.

(This does not mean it is impossible, but it is more complicated).

Wetter42 · 2023-09-10T11:23:55.710Z

right but this one is a landing script - which calculates for all players all the time unfortunately (or at least when landing…). Maybe someone else here has similar experience.

Wetter42 · 2023-09-18T19:09:11.979Z

I think I have an idea; I can utilize some sub-score calcs to identify factors that lead to a score and a range based on such factors…may be of benefit to me