The game is inspired by Mario Odyssey, so pretend you're converting something like that to an online server-based game.
Given that the delay between the server and client is dependent on the player's connection, many have said to render the effects on the client for immediate feedback, and then check and finalize if it makes sense on the server. I've searched and scoured through many previous forum posts and lots of it is very non-specific.
My current game trusts the client with almost every single component there is (hacking it would be the easiest thing there is), and I am looking for assistance in converting it to lessen these responsibilities to the point of ridding game-breaking exploits.
My game uses a custom damage system where when you take three hits, you are out. When you die, instead of killing your character, it plays a death effect and teleports you back to the most recent checkpoint.
How would I convert this custom death/damage system to rely on the server? There are a few things that invoke damage, which are damage bricks or falling beneath a Y-level of my choosing (preferably 0). How would the instant visual feedback from the damage brick work? Would I have to run a Heartbeat/something else on the server constantly checking if the player is beneath the level, instead of relying on the client to do this? Now, say you get hit. There is around a three-second cooldown before being able to get hit again. How would I align this with the server?
I apologize if what I am saying goes all over the place; I am just very confused and distraught as this is an essential part of developing games and not being able to grasp the concept at all is upsetting. Thank you so much!! :)
TLDR: How do you convert a client-reliant game to a secure server-reliant game without sacrificing the immediate feeling of response?
I think you should leave the server to changing the important game-breaking values, or the values for something you want everybody in the server to see (ex. Appearance/Avatar). Changing a value on the server will make it so that change appears to everybody in the server. If you change the amount of money you have on the server, everybody in the server, including you, will be able to see that money that was changed.
The client should detect player input and display information to only that specific player. Changing a value on the client will make it so that change only appears to you. If you change the amount of money you have on the client, only you will be able to see that money that you changed - nobody else in the server.
Don't feel inclined to change absolutely everything to the server; detect player inputs on the client and change important values on the server. Connect both using a remote event.
Specifically for the damage system, I would use a remote event: In the client script, I would check if the player has touched the part or is beneath the level. If the player meets those conditions, I would fire a remote event to the server. In the server script, I would specifically change the damage value by connecting to the remote event fired by the client script.
If you have any issues feel free to let me know.
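
A server-authoritative version of the damage flow discussed in this thread, added here as an example and not written by either poster (Luau, server Script): the server detects brick touches and the Y-level itself and owns the hit count and cooldown, so a modified client can neither skip damage nor shorten the cooldown. The `DamageEvent` RemoteEvent, the `DamageBrick` tag, treating the spawn position as the first checkpoint, and sending a fallen player back to the checkpoint are assumptions.

```lua
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local CollectionService = game:GetService("CollectionService")
local RunService = game:GetService("RunService")
local damageEvent = ReplicatedStorage:WaitForChild("DamageEvent") -- assumed RemoteEvent, server -> client only
local MAX_HITS, COOLDOWN, KILL_Y = 3, 3, 0 -- values from the question
local state = {} -- [player] = { hits, lastHit, checkpoint }

local function returnToCheckpoint(player, resetHits)
	local s = state[player]
	if resetHits then s.hits = 0 end
	if player.Character and s.checkpoint then player.Character:PivotTo(s.checkpoint) end
	damageEvent:FireClient(player, resetHits and "out" or "fell") -- client plays the effect
end
-- Only the server decides whether a hit counts. Returns true if the hit put the player out.
local function applyHit(player)
	local s = state[player]
	if not s or os.clock() - s.lastHit < COOLDOWN then return false end
	s.lastHit = os.clock()
	s.hits += 1
	local out = s.hits >= MAX_HITS
	if out then returnToCheckpoint(player, true) else damageEvent:FireClient(player, "hit", s.hits) end
	return out
end
-- Touched fires on the server too, so no client report is needed for damage bricks.
local function watchBrick(brick)
	brick.Touched:Connect(function(part)
		local player = Players:GetPlayerFromCharacter(part.Parent)
		if player then applyHit(player) end
	end)
end
for _, brick in CollectionService:GetTagged("DamageBrick") do watchBrick(brick) end -- assumed tag
CollectionService:GetInstanceAddedSignal("DamageBrick"):Connect(watchBrick)
Players.PlayerAdded:Connect(function(player)
	state[player] = { hits = 0, lastHit = -math.huge }
	player.CharacterAdded:Connect(function(character)
		-- Assumption: spawn is the first checkpoint; checkpoint pads would overwrite it.
		local root = character:WaitForChild("HumanoidRootPart")
		if state[player] then state[player].checkpoint = root.CFrame end
	end)
end)
Players.PlayerRemoving:Connect(function(player) state[player] = nil end)
RunService.Heartbeat:Connect(function()
	for player in state do
		local root = player.Character and player.Character:FindFirstChild("HumanoidRootPart")
		if root and root.Position.Y < KILL_Y and not applyHit(player) then
			returnToCheckpoint(player, false) -- fell with hits left or during cooldown
		end
	end
end)
```

For instant feedback the client can still play its hit effect as soon as it sees the touch locally; the `hit`, `fell` and `out` messages from the server are what make the result official.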