Jump to content

server vs clientside


shrike

Recommended Posts

I’ve been script testing on both the client and server sides and I’m looking for some input on how to select which side is the better choice. Obviously, some types of scripting have to be done on one side or the other, but I’m talking about situations where a choice exists.

I believe that scripting serverside would provide better sync for players, minimize client script downloads, and would, if needed, protect the contents of the script. The price for this would be increased traffic between the server and each of the clients.

On the other hand, scripting client side should provide better response for the player as the script is running locally for each client. However, I don’t believe that these client scripts would execute at the same time, and that would mess up the shared view of the server world events.

Can anyone tell me if what I’ve said above is correct? Suggestions on how to decide which way is better would also be very helpful.

Thanks

Link to comment

Server-side:

  • Slower
  • Safer
  • Generally more synced
  • Required for things like spawning
  • No downloading required

Client-side:

  • Faster
  • Easier to get hacked
  • Not too much is synced
  • Optional
  • Capable of a lot more graphical functions. For instance GUI and dx rendering
  • "Open-source" (aka, players can find the client scripts on their harddisk after download)

Generally, I think you should run all things client-side except:

  • Sensitive code
  • Things you want to keep secret
  • Things that can not be done client-side

But the speed and flexibility usually makes it worthwhile to script most things client-side. Although this is how I see it, it can be seen differently for every individual.

Link to comment

Gamesnert has provided a pretty good overview, but the I don't agree with his conclusions.

Everything should be server side if it can be. You should aim to put purely 'presentational' stuff client-side. You should avoid trusting the client at all, if you possibly can. Any interface you provide between the server and client should be as minimal as possible - don't let the client call any server function for example. It may be convenient for you - but it's a big risk.

This is from a theoretical point of view, in practice, you'll have to make compromises probably.

Link to comment
Gamesnert has provided a pretty good overview, but the I don't agree with his conclusions.

Everything should be server side if it can be. You should aim to put purely 'presentational' stuff client-side. You should avoid trusting the client at all, if you possibly can. Any interface you provide between the server and client should be as minimal as possible - don't let the client call any server function for example. It may be convenient for you - but it's a big risk.

This is from a theoretical point of view, in practice, you'll have to make compromises probably.

What do you mean with not letting the client call any server function?

What should I when I have to check if the username/password is in the database then? Or am I understanding you wrong?

Link to comment

Yes, callServerFunction is an extreme example of a very insecure system, but something more simple: Say you have a spawn screen that pops up, asking where you'd like to spawn, and what character. Maybe that pops up after you've been dead for 20 seconds or something like that. One way you could implement that would be to expose a 'spawnPlayer' event on the server to the client, where they specify where to spawn and the skin to use. Nice and easy. Of course, Mr Naughty Guy comes along and sees you've done this, hacks his client, and has an instant teleport script. Alternatively, you can provide a more specific event that's only valid when the user has been told to show the spawn popup by the server.

The difference is you've got all the key game logic server-side and self-contained. You see a player dies server side, you wait 20 seconds server side, you tell the client 'show the spawn player popup' and tell me what the user clicks on, you wait for the response, when they give it, you spawn the player where they specified, and they're no longer allowed to use that event. Perhaps you have other limits - certain skins they can't use. You may validate these in the popup window - maybe you only show a few skins, but you've got to validate that on the server too. It's all about validating the input from the client, and assuming they may be trying to game the system.

It's the same principle you right client-side and server-side code for web pages. Never trust the data you're being given by the client.

So with this in mind, you should obviously see that you'll have to duplicate most client-side logic on the server too, so you want as little on the client as possible. The client should be for presentation and for requesting input, never for game logic.

Link to comment

It is possible to learn from you, really somehow to influence client scripts during their work, from client-side, that is to hack a script and to change all its logic? For example, to change work of any functions in client scripts, or to call client-side functions, for example setPlayerMoney which gives money to the player, or setElementPosition which teleports the player.

Link to comment

My thanks to all of you, and in particular to eAi and Gamesnert for the detailed answers.

Most of what I've coded clientside is for a GUI menu. The menu options trigger server events, but I've used "hasObjectPermissionTo" checking that defaults to false in most of the server functions, denied access where necessary in the default group and created a separate acl group for access.

The exception would be a few water routines, including a "tides" function. They are currently in a client script because I thought they might run more smoothly, but I think I'll move them back to the server for better sync.

I just hope it doesn't cause the server to lag.

Is there a tool similar to the "netgraph" in CSS that would allow for server performance monitoring?

Link to comment
....

Is there a tool similar to the "netgraph" in CSS that would allow for server performance monitoring?

No, but there was a command you could use in game to display server performance. If I remember correctly, it was /shownet <1 or 0> (1 to show, 0 to hide).

Link to comment
....

Is there a tool similar to the "netgraph" in CSS that would allow for server performance monitoring?

No, but there was a command you could use in game to display server performance. If I remember correctly, it was /shownet <1 or 0> (1 to show, 0 to hide).

I think it's /netstat 1

That's what I use to get the connection data.

Link to comment
....

Is there a tool similar to the "netgraph" in CSS that would allow for server performance monitoring?

No, but there was a command you could use in game to display server performance. If I remember correctly, it was /shownet <1 or 0> (1 to show, 0 to hide).

I think it's /netstat 1

That's what I use to get the connection data.

That's the one.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...