Advertisement

Leaderboards Without a server?

Started by August 09, 2017 11:57 PM
19 comments, last by Rutin 7 years, 3 months ago

Hello,

I was hoping someone could help me out here. I'm working with a small team of people to make a game; something simple to start before we start major work on a grander game we have in mind. We may end up making more prior to the launch of the main thing. 

With that out of the way; the first project to get our feet wet in Unreal and basics is to make a basic shooter/survival like game- what better way to make people wanna play than some competitiveness? I want to add a leaderboard to track peoples scores and how long they survive. Downside is I don't have money for a server(though a basic shell may be viable if it is absolutely needed.)

Is there a way to make a leaderboard option without the use of a server? maybe having it stored on say a google document or a page on the main website and have it parsed/pulled and shown in game? 

Thank you in advance.

 

Would getting a very cheap shared hosting plan to have a database work? This is all you really need... Just update the database with scores, and pull from the database to display in game for your leaderboard scores. You do not need a full server that runs 24/7 with the numbers stored waiting for client requests for data to do this.

You can also host all the user logins on the database so you're updating registered users only.

Programmer and 3D Artist

Advertisement
5 hours ago, Aaric90 said:

Is there a way to make a leaderboard option without the use of a server?

You will need somewhere to connect to, somewhere that has the data. There are many hosting sites that can handle it for free or extremely low cost.

That doesn't mean it must be complicated.  Wordpress is easy enough to set up for free, and with minimal PHP and WordPress knowledge you could set up a page that handles it.   You'll want to make sure the host provider allows the use, but assuming you're also redirecting people to your web page and not showing up oddly in their site statistics, you should be fine.

As you suggested in your post, you could then use standard web calls to serve up the data and to post new entries in the table.

Note that you'll still need to figure out how you'll handle attacks, cheaters posting fake scores, people attacking the server, and so on. 

I urge extreme caution against letting the client connect directly to the database.  If you do then a modified client can connect to the database and issue *any* database command it wants, such as delete the whole thing.

If you have a server, even a very cheap one, that the client connects to, it shields your data from the client.  You could also do some kind of detection on the server when a client submits a score as well to ensure it makes sense.  For example, in a racing game, if the client said it completed race #5 in 4 seconds, you know that is impossible and discard the score without recording it in the leaderboards.  You have no such option if the client directly connects.

 

1 hour ago, ncsu121978 said:

I urge extreme caution against letting the client connect directly to the database.  If you do then a modified client can connect to the database and issue *any* database command it wants, such as delete the whole thing.

If you have a server, even a very cheap one, that the client connects to, it shields your data from the client.  You could also do some kind of detection on the server when a client submits a score as well to ensure it makes sense.  For example, in a racing game, if the client said it completed race #5 in 4 seconds, you know that is impossible and discard the score without recording it in the leaderboards.  You have no such option if the client directly connects.

 

You would never have a client directly make any SQL quires in this case. This is no different than having an online website that requests database information, you always pass it to another source that verifies what data is being requested, makes the pull securely once filtered (if it wasn't secure nobody would use databases online), pull the data - then confirm again it is indeed safe to share, close the connection, post the data online, and have the client pull from that read-only source . The client itself is only forwarding information it wants to a 3rd party requester, and waiting for the information to come back.

In this scenario the client holds no database connection information, or ability to index any data in the database. The sole purpose is to say "Send Username and Password from the client with request to update that users high-score - then wait for a response if successful" or "pull public leader-board information and post it in game".

I personally avoid this and use servers directly, but it's been awhile and I might be wrong but libcurl comes to mind and I would recommend starting there.

https://curl.haxx.se/

Programmer and 3D Artist

This is a terrible idea, and I don't recommend it...

BUT-

What if you temporarily used a service like Trello?  You can access it via rest/web API, don't need to pay for it, etc.

Advertisement
1 hour ago, trjh2k2 said:

This is a terrible idea, and I don't recommend it...

BUT-

What if you temporarily used a service like Trello?  You can access it via rest/web API, don't need to pay for it, etc.

It's for sure not something people should make a habit of doing. However, the user needs another solution because the server route is currently not an option right now.

I'm always curious to read other people's opinions and thoughts. What risk are you seeing from sending just a username and password (which hundreds of thousands of online services do) with a high score to a verification script that's hosted on a PHP server (as an example)? A lot of web applications work this way in general.

I fail to see any risk unless you have direct client to database access, which is being cut off completely.

The only issue you might run into is a slow down if too many calls are being made because of the amount of database connections. It's much different than loading initial detail from a database into a sever, holding all the data and doing a service maintenance that updates the database once a week.

Programmer and 3D Artist

5 minutes ago, Rutin said:

What risk are you seeing from sending just a username and password (which hundreds of thousands of online services do) with a high score to a verification script that's hosted on a PHP server (as an example)? A lot of web applications work this way in general.

Is the question directed at me?  Cause if this is in response to the trello suggestion, then I'm not sure I understand the question.

If you have access to a server where you can run php scripts, hold onto user accounts, etc., then the trello thing becomes irrelevant.  Just implement your leaderboard on that server.  Similarly, if you have access to the setup needed to validate an account via PHP then you should also be interfacing with your database that way, instead of directly.  Letting your client app talk directly to the database means that any client has full access to everything.  Putting your PHP session in between means that there's a point every message has to go through, that you're in control of, that can validate not only that a client has signed in, but that it's only going to succeed at doing thing it should be allowed to do.

I wasn't sure who your post was directed to "This is a terrible idea, and I don't recommend it..." haha still trying to keep my eyes open from a long day! As the idea of not using a server and going down the route of passing data back and forth through the web with PHP scripts can be slower, it's not necessarily less safe to the degree you would have to worry about bad information, and rouge database access if setup correctly. I don't like the idea for the fact you need to be able to maintain so many database connections at once, and the performance might not be there with a high amount of user access.

We seem to be on the same page, and I most likely read your response wrong. It's just very important people never do client to database connections.

Programmer and 3D Artist

You cant get a server because of money. If anyone buys your game you'll have money. Why not host your own server on one of your own computers? It's not as if you expect to have crazy traffic, do you? Do you Apache? Maybe you should. 

This topic is closed to new replies.

Advertisement