Thought on cheat validation

I’m new to unreal but not to security, been working in global cyber security for years and all sorts prior to starting to learn this :slight_smile:

Instead of just killing the session if you get unexpected values you might be better off clamping the input and having the disconnect as the real final last resort. In our example something simple like this on the implementation.

void AGoKart::Server_MoveForward_Implementation(float Val)
	Throttle = FMath::Clamp(Val, -1.0f, 1.0f);

Reason being if i’m trying to compromise a system and I get a disconnect like the example I know I’m onto something as I’ve managed to get a response from the server I’ve caused that was unexpected.

Softly clamping it (and perhaps logging it somewhere), if I’m attacking the server it’s a lot harder for me to tell if I’ve managed to inject unexpected values or not as it just continues to function as expected. Obviously depends on the scenario but I always try to keep the attacker guessing and not knowing if they have been detected or not I’m assuming same translates to the gaming sector, also easier to monitor what they are trying to do that way as well and keep one step ahead.

Very thoughtful and insightful. Great stuff!