Topic: [SUGGESTION] Dont trust the client, run all game code on server
I have a suggestion to prevent bots and cheats:
Why not render *everything* om the server, one rendering for each client, and not trust the client at all?
Then send it as a SVG/JPEG/PNG/GIF image to the client as a image/movie stream.
The client only sends its actions to the server, like "+attack" and such.
The client then only has 2 missions:
1: Receive the image stream from server, stretch it and show the image stream to the user.
2: Have a record for keybindings vs actions, so keymapping still can be configured.
If you know what VNC, RDP and Rdesktop is, then you know what im talk about.
A good idea would maybe that the game can use the VNC protocol (RFB, port 5900). When a client connects, he gets a dialog where he sets player name and all keybindings. This would mean that no game client is necessary, any VNC client will do as the game client.
The server browser could simply be a webpage then, where adresses to servers is shown. Then any player can launch any VNC client and connect to a server.
Then theres nothing to modify or cheat with.
It would effectively making cheats impossible.
To get decent performance and no lag, you would need to keep the image transferred very small, and instead stretch it on client side.