Best IT Recipes

How to make a safe game in javascript?

I am working on games using javascript, some html and css, and I was wondering if there is a way to protect the game so that the user cannot just call game.php? result = victory to finish the game and earn some points.

Like now, this is the solution I have.

  • For a random game, start a page with the result already in place, win or free, then just do some animations to show it, but everything is done and the server won / lost / lost material.

  • For a fighting game, just get the action from the javascript call and calculate the damage, the reaction of the supporter on the server and just send the data.

but the last solution implies that I will have to submit actions every time the user does something. It might work in a battle with a turn, but I think it will be slow for any other game. So my question is whether there is some safe way to prepare my javascript to protect the sent information.

+8
javascript security php
Mar 30 '10 at 8:48
source share
5 answers

The only way to protect it is so that all calculations and checks are done on the server side. The way it was done on almost all online games. The client should never be trusted with an online connection, and you should always make sure that the server is really doing something real on the server side. (In any case, in practice, you should somewhat trust the client for compensating for the backlog and uploading some non-critical things to the client side).

For this reason, javascript is not a very good language for developing an online game, since each action needs to be processed and verified by the server. For other programming languages, this is not such a huge problem, because you can create your own communication protocols using TCP / IP for the server and client. However, this is not possible for javascript, because you must rely on the HTTP protocol and XMLHTTPRequest handlers, which make a very inefficient connection between the client and server.

As you said, you can always work with the interface in javascript, but for security, you still need to do a lot of server-side stuff, and this certainly does not work for games that require more action-oriented management. Thus, you are pretty much limited to cornering games if you need security.

+13
Mar 30 '10 at 9:08
source share

You could do something to prevent a naive user, but probably not everyone. It all depends on how you motivate the person to โ€œattackโ€ your game. At the end of the day, the user can use the javascript debugger to see exactly what your code is doing and copy it. Even if you send back every action of the game, the user can still play it. If you are not careful about the actions that users can take, they can send back actions that would not be possible if they controlled the game using the default control scheme.

+2
Mar 30 '10 at 8:53
source share

There should not be a URL to win. During the game, the client must send user actions, and if they win, the server redirects them to the victory page.

No calculation / award should be made on the victory page, if any.

+2
Mar 30 '10 at 8:54
source share

No, there is no way.
What happened to sending user actions to the server?

+1
Mar 30 '10 at 8:51
source share

Would this be considered an option? (Late answer)

Transfer critical (material that you donโ€™t want to hack) to a hidden internal flash player that acts as a storage of critical variables, a calculator (for example, "Life Points") and a "communicator" to break for such game data.

It is definitely more secure than JavaScript. But still; Itโ€™s best to assume that your client side is 100% unprotected. (Even in C ++ games, lol: hackers)

However, by transferring traffic for game data to flash, you can use some of your more interesting communication functions, for example: P2P =)

+1
Jul 03 2018-11-11T00:
source share


More articles:


All Articles