why are we even using user input at all
this isn't even a problem that needs fixing - just flat out ignore user input that doesn't need input
Bleh I don't think either of you understand the example I wrote, so here it is again:
You have a server, running a server mod that involves players having different stats, some examples could be money, titles, achievements, etc.
This server mod also comes with a client mod that people can download and use on the server.
The server doesn't want players to loose their stats in the event of a crash or other game-ending and possibly data-loss inducing event, so it wants to store the players stats
on the clients harddrive as well as their own, so they can use it combined with a server command of some sort to restore their stats from the file.
Now you may say, "This is a horrible idea! They can edit it!" and you'd be right, but we can prevent that!
How? Using HMAC! Simply sign the data with a secret key that's
only known on the server, and send it to the client. Then the client can't change the data without invalidating it.
If you still can't understand that then that's legitimately not my problem anymore.