Spooky you are making rediculous assumptions.

Hate to break it to you but Creep666 just proved your assumptions are wrong with his screen shots, in the build he was playing anyway.

My post was meant to show where it is possible that if the developers haven't specifically coded in protection, that works, there could be a vulnerability, according to your post the developers are infalable and "of course such data is checked"!

Peer to peer doesn't make the game any harder to hack than host/client or dedicated server UNLESS the only data sent between players is their keyboard and mouse presses and even then someone could write a hack that hits your interrupt button as soon as the opponent casts a heal.

A worked example for sake of argument:

Dedicated server

A client moves his character, the client sends where his new position is to the server.  Or the client sends to the server he is moving forward, which is a shit way to code it because the client would have to send way more data.  The server needs to check (specifically put in by developers as anti cheating) is it possible that his new position is there now given movement speed etc?  The check has to account for lag, stuff like that maybe an exposive propelled him etc?  Basically it's a lot harder to check than you think and is why Counter Strike has been plague with movement hacks since it's release.

Peer to Peer

Client A moves his character, it sends his new position to Client B.  Client B has to specifically check the exact same things the dedicated server had to check, there's no difference.

The only other way Peer to Peer works is that Client A didn't send his new position, he in fact sent data to Client B saying he had his Demigod selected and he right clicked point x on the map.  Client As machine then works out all the pathing for that Demigod, his speed and where he will end up himself.  That's possible that this is how it is working, and if so it is a lot less vulnerable to hacking but then you have to assume this is what is happening in all cases, such as navigating the shop windows, you are assuming the player doesn't just send "I bought Vlemish Helm" to the other player.  Again you are assuming the developers are infalable.

Also worth noting this second method is a lot harder to code because desynchronisation is hard to debug so it's not unlikely a few shortcuts would be taken here or there to get things working!

/tldr

Being told Peer to Peer stops hacking is pulling the wool over your eyes, believe me.  It makes it possible for the developers to reduce the likelyhood but vulnerabilities are actually more likely to be all over the place than software bugs mainly because the usual way to find a vulnerability is to find a user who is exploiting it such as a hacker.

The premise of most security flaws isn't just forcing what you want in, it's fooling whatever system it is to accept it as correct. P2P does make that harder, not only do they have to accept it as legitimate data but they also have to get the same result as you when processing it.

That's not infalible though, say for example you can make your client sell a vlemish helm even when you don't have one. You send the "I'm selling something" call out to everyone else, everyone removes the vlemish helm from your demigod and gives you gold without checking that there was a helm in the first place. Your response matches theres and no desynch occurs, yet you just got more gold than you should have. It may well check for consistancy in selling items and not be possible like that, but it just takes one loophole like that for a working cheat to emerge.

There may be other more esoteric quirks too, say there's a rounding up in calculating your starting position when moving, could you send thousands of miniature move commands to make the rounding error add up in your favour? Probably not but if you could it wouldn't cause a desynch.

I'm not saying DG is likely to be full of silly holes like that, I'm just saying a P2P system isn't inherantly secure just because it's P2P.

You somehow got the same point I was making accross, thanks.

some little facts to throw into the discussion

fact#1:

since the cheater always created new player profiles, the match always started with "xxx the Millionaire"-achievement.

fact#2:

the cheater himself said he was using a trainer.

I've just seen the method. Not going to link it here. Shall we say, .. .. just sigh. Who the hell decided that was a good idea?

Fact is, if anyone can be proven to have cheated in Demigod (e.g. by replays), he would get his game account banned. That's why I'm rather cool about this matter.