category: Good pratices
What is authority?
When a player does an action in your game, authority troubles kicks in. Can the client decide for himself whethter what he did was legit or not ?
The best pratice for most client/server application is to restrict your client to sending "actions" and put the server in charge of deciding what this action will result in.
In this case, the server is authoritative. However, this approach has a drawback: It causes increased latency between the player's actions and the in-game result. Depending on your game, it can be troublesome.
- You are implementing a shop in your game. When the player performs a buy action, all the data associated with the action are sent to the server. It's up to the it to check if the player can buy the item, and perform the associated logic. This way it's impossible for a user to cheat his way into obtaining an item without having paid for it.
- Players are moving on the map. You can send the actual player position, and perform optimistic validation by supposing that in most cases players won't cheat by teleporting. Your server code accepts the positions sent by the client application. However the server can analyse the data afterwards, detect cheating and take the adequate measures for the game.
Who Is authoritative ?
Typically, the server authority is seasonable: some actions need to be checked by the server before pushing the results in your game, while others should not.
The goal is to strike a good balance between security, performance and user experience.