Ajax security in javascript games

Question

Ajax security in javascript games

In my JavaScript game (made using jQuery), I have a player position stored in the database. When a character moves, I simply send a request to specyfic URL, IE mysite.com/map/x1/y3(where the character position is x = 1, y = 3).

This url sends the coordinates to the database and checks if other players are next to ours. If so, it also sends a JSON object with the name and commands of these players.

And so my question is how to protect it? Someone can study my JavaScript code and prepare a URL similar to mysite.com/map/x100/y234, and they will “teleport” it to the other side of the map.

+5

javascript jquery security ajax

budzor Feb 15 '10 at 12:50

source share

2 answers

Eric Bréchemier · Answer 1 · 2010-02-15T13:04:38+0000

Any data / calculations processed in JavaScript in the browser will be unsafe, since all the code is executed on the local computer. I would recommend listing all the parameters that are critical to a fair game experience, such as player position, rating, resources ... and calculate server-side management of these parameters. You only collect user inputs from the browser and send the updated status to the browser for display.

Even if you decide to compute some values on the browser side to avoid latency, you should not take them into account for the global state shared by the players, and you should re-synchronize the local state with the global state - always in the direction from global to local - time from time.

, , , , , . .

Tom Jefferys · Answer 2 · 2010-02-15T13:03:50+0000

javascript. , , , javascript.

Ajax security in javascript games

More articles: