Firstly, I know that there is no 100% solution, and this question has been asked more than once.
These messages are my favorites first and second , but they are too old, without sufficient effective solutions.
I create a social game in JavaScript, HTML5 and CSS3, and I use canvas. For security reasons, I wanted to know how to determine if the user is using his debugger tool. To prevent if the user is trying to change some value, speed, etc., but I can handle most of these things with PHP.
My game is in real time.
This is a non-exhaustive list of some anti-hit ideas:
- Check values ββevery time he earns points on the server side to make sure he is consistent.
- Scan each value, then decrypt it on the server side.
- Have a different hash for each value and make it random every time the user loads the game.
- Minimize and encode the entire script file.
- Determine if the user uses a debugger and checks if he changed his window during the game (but he could open his debugger before loading the game like that ...).
- Make the page submit full game play and check for inconsistencies.
- for each request to the server, send a script and compare it with the original script if the user changes it.
- Put the script scaled down inside my html page and for each request send back the orignal script to replace the actual one.
- , , , , ( , , , , : 47 . 1000, 40 . 50 . 1500, ).
, .
.
.
, 100% .
, -, .
, , , , , .