In networking, what should be done on server only, on client, etc?

Is there some kind of checklist of what I should do only on server, only on client, and what I should do on both?

I’m currently working with character movement modifications in my own game and using UT source code as a point of reference. Later I’ll be working on weapons, powerups, and abilities.

I’m looking at the UT source code and there are a few checks for if(Role == ROLE_Authority) on some things, and not on other things that I feel should potentially be done only on the server.

Here are a few examples: ProcessLanded() in UTCharacterMovement has no server only guards.
TakeFallingDamage() in AUTCharacter has server only guards.

I’d think ProcessLanded() has a lot of code that should only execute on the server so it’s not immediately obvious to me why it’s allowed to run on the client.

This is entirely dependent on the game and what you want to achieve. Some developers don’t really worry about people hacking their game and modifying running code to give themselves extra health or whatever … to others like me … it is always on my mind and I always try to protect everything I can without going overboard.

The networking tutorials (although in Blueprints) especially parts 5 and 6 cover nicely what the developer feels should be protected by the server. I basically used that as my guideline and decided from there what extras should be protected.

What does ProcessLanded() do … does it merely play an animtation. Remember that the movement is replicated … so dependent on the functionality of the call … that should indicate what should be server side and not.

I don’t have my code in front of me … so I can’t tell you how I protected my take damage functions.