Online gaming · Gaming

How do you design a cheat-resistant realtime multiplayer (browser) game?

Nate Holbrook Founder / CEO at Lilac

January 6th, 2016

Looking for some gaming hacks, are there certain software tools/platforms that allow for a cheat resistant realtime multiplayer browser game that I should be incorporating in my current design or does this need to be built from scratch?

Pierce Wetter Front End Principal at Skyport Systems

January 7th, 2016


Security can't come from anything you do browser side. It has to be baked into the server, because you can't control clients. So your APIs have to be designed around security from the get go. It has to be impossible to cheat even if calling APIs directly. 

You should have a proxy layer that sits in front of your API servers that limits customers access to the APIs. That way if there's a security hole in your API server stack, cheaters will end up in the proxy server not your main server. 

You'll want security between servers in your API layer as well, so if someone hacks into a support server like memcached, they can't escalate between servers. 

It wasn't my intent to shill for Skyport, I just answered this because its a security question, but we do sell secure servers that implement the proxy layer I just talked about and the protections between services.

Joanan Hernandez CEO & Founder at Mollejuo

January 7th, 2016

Hello Nate,

Please, allow me to argue:

Does it makes sense to take the time and effort to do such a thing now? Or is it better to concentrate to build a better game?

Pierce point is important. However, you might be spending precious time in a feature that in the end, if the game doesn't takes off, it might be an overkill.

I would concentrate on the game itself trying to be fun, interesting, challenging or whatever, instead of thinking how people might try to hack it.

That's just me.

Your question reminds me the challenge Microsoft had with piracy in China, which in the end Bill Gates (and Microsoft) decided:

If people are going to pirate software, might as well be mine.

Good luck!

George Lambert Interim CTO - CTO's for Hire

January 6th, 2016

If you build in real time logging with memcached - and an ability to block user actions or disable players in your code based on a memcached block list - your blocking technology is external to your core app and can be changed in near real time. If you need some help with a design send me a private message. 

Scott McGregor Advisor, co-founder, consultant and part time executive to Tech Start-ups. Based in Silicon Valley.

January 6th, 2016

I know a top game designer with time on her hands who can consult with you. If that interests you, contact me and I will connect you two.

Jeff Fitzmyers Project Manager at Energy Remodeling Inc.

January 7th, 2016

Consider an overall design with a lot of transparency and variables set by supply and demand rather than "arbitrary" values.