My desire is to avoid hacking into a game I make. My thought is that if the user only can provide input and is only returned a picture via the stream, then they cannot hack and are forced to obey the rules as I code them. Ofcourse if they literally hacked into the game-engine streaming service itself then that's a problem. But that's a different level of hacking. This “streaming” engine I think provides good security vs. a local game where a hacker can just hack into all the code and do who knows what.

But does this exist? I just want to make a basic 2d game but with a high score system for all users who choose to submit one. I'm worried that with a typical local game, people could just hack and put artificial high scores or alter the game to achieve highs cores they ought not to have. But with a game solely located on a server that literally can only take “controller” input and return a picture each frame, this wouldn't happen. Does this exist?

This isn't a Game Design question, so it has been moved to a more appropriate forum.

Not really seeing the programming question.

Well you can look at all the game streaming services that already exist, sure you heard all the noise about say Google Stadia recently? While they work for generic games, building a game “for it” would seem to have most of the same problems.

And the basic problem for the majority of game genres at least is cost and performance. It places a lot of load on servers, which needs paying for, and it massively increases latency, to the point noticeable by most people with normal internet connections, not just people looking for high refresh rate monitors, etc.

To get the latency even largely acceptable you need to run in data centres very near the individual player, further increasing the cost.

Now a lot of games, especially multiplayer ones do a lot of work on the server. So by design you can't just hack in an arbitrary score, hit points, etc. the client renders the graphics, and does some input prediction to deal with lag. Avoiding most of the server load, bandwidth, and latency issues. But then you can see report after report of hackers in these games, because the client still has enough information for aimbots, wallhacks, etc.

And even if did get the “everything on the server” solution, I would bet there are still going to be cheaters. Puit a dot on the screen to avoid iron-sights/scoping if there is no crosshair? Aim bots using image-recognition? Maybe even full on bots in like mmorpg? Macros? Alter/post process the colours to defeat stealth/camouflage, or otherwise make targets easier to see? Process surround sound audio to precisely locate players with a visual marker?

And outside the competitive scene, you also lose access to aspects of the community like modding, which unless highly restricted wouldn't really be practical on officially run servers.

You need to take into account that >>you<< have to pay for such a game for every player you'll have in the end because the game running on a server will cause third-party services like AWS to run on a higher workload and the service provider wants this costs back from you. So the main question is: “Is it worth it?” and the answer is usually NO!

Even services like Google STadia are not streaming images over the net but the game itself. The game has to be in a format that the Google service can determine which part of it needs to be streamed right now from the server to local client cache to work “seamlessly” and the client machine runs the game as normal, this is all the magic behind it.

If you are a hardware vendor that provides a specific kind of hardware with a specific kind of OS and are well established, then you can do the same with your simple 2D game. But even Ouya, the underdog gaming console uses an Android OS to run. You are wether Sony nor Nintendo so you have to play the rules of the market and thus are that your game might be too unimportant to succeed in such a scenario.

So instead of prevent people from hacking your game, which I don't even understand as long as it isn't a game that handles with real-world money or something similar worthy, think about how >>you<< can sanitize the high-scores commited to your server and reject such commits that don't seem to be valid