Generally speaking, authoritative servers are more secure than non-authoritative servers, but non-authoritative servers can offer better performance (less lag). The issue of authoritative servers vs non-authoritative servers should be addressed during the early design stages. At that point, it would require a huge rewrite to fix some of the poor coding/design practices in the games, so the developers are usually stuck in a terrible bind. As soon as their multiplayer games get popular, the hackers focus on ways to cheat in their games. When people with very little server security experience try to build an amazing multiplayer game, they nearly always concentrate on features and gameplay instead of security. Security needs to be addressed in the earliest stages of development. One of the biggest problems with security is that nearly nobody cares about it until something bad happens, and by that time it requires a huge overhaul to fix the issues. You can read more about Authoritative Servers and some techniques here:
(meaning the servers didn't make the player move, but the client made it move, which is non-authoritative) Imagine that in DayZ, some people were able to delete a file which contained the colliders of buildings (or something similar) and were able to go through every wall and structure in the game. Games like Rust, DayZ and many more allow users to perform actions they shouldn't be able to. Even in Battlefield 4, which has dedicated servers only available to trusted companies, I've seen players with 100% damage and aim bots.
Having a server that confirms that the actions of a player are correct and then the server itself performs those actions and only the server tells other clients what happened is mandatory. "Hackers" in some way or another will eventually get access to the source code and be able to change anything they want. For multiplayer games, (Almost) Full Authoritative server is the way to go.
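
The server-side checks described above, as an added example that is not part of the original post: the client sends only an intent (a direction, a weapon name), and the server applies its own speed limit, its own colliders and its own damage table. All names and values here (`TICK`, `MAX_SPEED`, `WALLS`, `WEAPON_DAMAGE`, the function names) are assumptions made for the sketch.

```python
import math
from dataclasses import dataclass

# Server-owned rules (constructed sample values); none of these come from the client.
TICK = 0.05                                   # seconds per server tick
MAX_SPEED = 5.0                               # units per second
WEAPON_DAMAGE = {"pistol": 20, "rifle": 35}   # damage is looked up, never received
WALLS = [(4.0, 0.0, 6.0, 10.0)]               # server copy of colliders (x1, y1, x2, y2)

@dataclass
class Player:
    x: float
    y: float
    hp: int = 100

def _hits_wall(x0, y0, x1, y1, steps=20):
    """Sample the path so one tick cannot jump across a collider."""
    for i in range(1, steps + 1):
        t = i / steps
        px, py = x0 + (x1 - x0) * t, y0 + (y1 - y0) * t
        if any(ax <= px <= bx and ay <= py <= by for ax, ay, bx, by in WALLS):
            return True
    return False

def apply_move(player, dx, dy):
    """The client sends a direction; the server computes the new position."""
    length = math.hypot(dx, dy)
    if length == 0 or not math.isfinite(length):
        return False                          # reject empty, NaN or infinite input
    # Normalise the vector: a huge (dx, dy) cannot buy extra speed.
    step = MAX_SPEED * TICK
    nx, ny = player.x + dx / length * step, player.y + dy / length * step
    if _hits_wall(player.x, player.y, nx, ny):
        return False                          # deleting client colliders changes nothing
    player.x, player.y = nx, ny
    return True

def apply_shot(attacker, target, weapon, max_range=50.0):
    """The client names a weapon and a target; the server decides the damage."""
    dmg = WEAPON_DAMAGE.get(weapon)
    dist = math.hypot(target.x - attacker.x, target.y - attacker.y)
    if dmg is None or dist > max_range:
        return 0
    target.hp = max(0, target.hp - dmg)
    return dmg

def snapshot(players):
    """Only this server-computed state is broadcast to the other clients."""
    return {name: (p.x, p.y, p.hp) for name, p in players.items()}
```
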