Hi all !
I am trying to understand the limitations of the host/peers model in terms of security in parallel game sessions. I've read various things here and there, but I'm still confused about one particular situation.
By "parallel game sessions" I mean a form of multiplayer where players don't interact with each others but all contribute to a shared central database (e.g. a leaderboard)
I am familiar with multiplayer concepts and low-level networking (packet handling), but I don't know much about general web-technologies (Ajax, etc.). I'll try to expose what I understand, and hopefully someone can confirm what is doable/not doable
Scenario 1 : actual multiplayer, parallel sessions. E.g. players divived in small groups in separate PvP or coop matches
The first player to enter the room becomes the host for the session ; the host processes all the gameplay logic, peers only process input and player feedback to present the game as the host sees it.
Cheating is possible but is mitigated by the fact that the host is selected "randomly". Unless all the participants are in on it, someone running a hacked version of the game is unlikely to become the host.
This is acceptable.
Scenario 2 : actual multiplayer, single session. E.g. a small "mmo"-type game where all the players are part of the same world
(Feasibility is debattable as dozens of players joining the same room would quickly cause some bandwidth issues on the host ; this example is only a "study" case)
As there's only one single instance, the developper can run its own copy of the game and make sure he gets selected as the host (i.e. join the room before anyone else). This prevents cheating by guaranteeing that a "clean" version of the game is running the gameplay logic.
So far so good.
Scenario 3 : parallel sessions, central database (leaderboard). E.g. a puzzle-game where participants compete to get the highest score. The gameplay is "single player" but the leaderboard is "shared"
That's where I'm stuck...
In a typical server/client architecture, you have full control of the server ; so your server can handle multiple "solo" sessions in parallel, or you can spawn more servers with bridges to balance the load if necessary.
Is this possible to emulate this behaviour with host/peers ? There's no actual interaction between players, so it wouldn't make sense for players to connect to the same host. But at the same time, you would want each player to only be a peer, connecting to a host you control (as a developper) to ensure gameplay logic is fair.
Imagine a CCG puzzle-game where players have to defeat AI/challenges (solo gameplay), but you want to maintain a central secure leaderboard to reward the best players with trophies and in-game items. You can't really have each player running their own logic locally, or the leaderboard will quickly get filled with 999999999 impossible scores…
I'd appreciate if someone could comment on this scenario, and if this is even possible, to present a brief overview of the technologies involved (implement my own server and low-level networking to spawn a host for each new peer ? etc.)
In its core essence, I think the problem can be summarised as "how do you make a secure shared leaderboard in a host/peer architecture ?"