Jump to content
  • Advertisement
Sign in to follow this  
andrew7

Saving score problem

This topic is 3625 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hello, I have created a game in javascript and I want to save a score by calling a page using ajax. The problem I am having is that people can view the source code and find out the url and save a fake score. If anyone has any solutions to this it would be appreciated. I could just program the game in java or flash, but couldn't they just reverse engineer it and find out the url. I am not overly worried about normal people playing the game. It's just when I show the game to my freinds they always find a way to exploit my code. Thanks for any ideas.

Share this post


Link to post
Share on other sites
Advertisement
I'm not familiar with Ajax, but the first thing that comes to mind is to verify that the connection comes from the IP address of the server that hosts your game, then only the game itself will be able to submit scores.

If the connection comes from the user's client, then quite simply there is no way to make the scoreboard completely secure without having the server track the game. The best you could do is try to obfuscate the data.

Share this post


Link to post
Share on other sites
Quote:
Original post by andrew7

If anyone has any solutions to this it would be appreciated.


There is no way.

Quote:
I'm not familiar with Ajax, but the first thing that comes to mind is to verify that the connection comes from the IP address of the server that hosts your game, then only the game itself will be able to submit scores.


One somewhat easy way to achieve such browser cheating would be GreaseMonkey. After figuring out how to send arbitrary score to the server, I write GM script that injects code that sends false score into the page you served. Then, while playing the game, I just click a link/button that executes that code.

This approach is completely indistinguishable from actual script that runs on the page - since it is the same script, just modified on the fly.

Quote:
I could just program the game in java or flash, but couldn't they just reverse engineer it and find out the url.


Same problem as before applies. There is no way to ensure that client is legit, or that they execute the code you provide in a way you intended.


The only way to get around is to host the logic on your server, which is what MMOs do.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

GameDev.net is your game development community. Create an account for your GameDev Portfolio and participate in the largest developer community in the games industry.

Sign me up!