Saving score problem

1 comment, last by Antheus 15 years, 3 months ago
Hello, I have created a game in javascript and I want to save a score by calling a page using ajax. The problem I am having is that people can view the source code and find out the url and save a fake score. If anyone has any solutions to this it would be appreciated. I could just program the game in java or flash, but couldn't they just reverse engineer it and find out the url? I am not overly worried about normal people playing the game. It's just when I show the game to my friends they always find a way to exploit my code. Thanks for any ideas.
I'm not familiar with Ajax, but the first thing that comes to mind is to verify that the connection comes from the IP address of the server that hosts your game, then only the game itself will be able to submit scores.

If the connection comes from the user's client, then quite simply there is no way to make the scoreboard completely secure without having the server track the game. The best you could do is try to obfuscate the data.
Quote:Original post by andrew7

If anyone has any solutions to this it would be appreciated.


There is no way.

Quote:I'm not familiar with Ajax, but the first thing that comes to mind is to verify that the connection comes from the IP address of the server that hosts your game, then only the game itself will be able to submit scores.


One somewhat easy way to achieve such browser cheating would be GreaseMonkey. After figuring out how to send an arbitrary score to the server, I write a GM script that injects code that sends a false score into the page you served. Then, while playing the game, I just click a link/button that executes that code.

This approach is completely indistinguishable from the actual script that runs on the page - since it is the same script, just modified on the fly.

Quote:I could just program the game in java or flash, but couldn't they just reverse engineer it and find out the url.


Same problem as before applies. There is no way to ensure that the client is legit, or that they execute the code you provide in the way you intended.


The only way to get around this is to host the logic on your server, which is what MMOs do.
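
Added example, not part of the thread: one way to "host the logic on your server" for a small game is to have the client submit its inputs and let the server replay them and compute the score itself. The toy grid game, the function names and the sample request below are all hypothetical.

```javascript
'use strict';
// Toy game (hypothetical): 5x5 grid, 6 coins placed from a server-issued seed.
const SIZE = 5, COINS = 6, MAX_MOVES = 24;
const STEP = new Map([['U', [0, -1]], ['D', [0, 1]], ['L', [-1, 0]], ['R', [1, 0]]]);

// Small deterministic LCG so every replay of a seed sees the same board.
function makeRng(seed) {
  let s = seed >>> 0;
  return () => (s = (Math.imul(s, 1664525) + 1013904223) >>> 0) / 2 ** 32;
}

// The board is derived from the seed on the server, never sent by the client.
function buildBoard(seed) {
  const rng = makeRng(seed), coins = new Set();
  while (coins.size < COINS) {
    const x = Math.floor(rng() * SIZE), y = Math.floor(rng() * SIZE);
    if (x || y) coins.add(`${x},${y}`); // keep the start square empty
  }
  return coins;
}

// Replay the submitted moves under the game's rules and return the score the
// server computed. A score field in the request is never consulted.
function scoreSubmission(seed, moves) {
  if (!Array.isArray(moves) || moves.length > MAX_MOVES) {
    return { ok: false, reason: 'bad move list' };
  }
  const coins = buildBoard(seed);
  let x = 0, y = 0, score = 0;
  for (const m of moves) {
    const d = STEP.get(m); // Map lookup: no prototype keys, no non-string moves
    if (!d) return { ok: false, reason: 'unknown move' };
    const nx = x + d[0], ny = y + d[1];
    if (nx < 0 || ny < 0 || nx >= SIZE || ny >= SIZE) {
      return { ok: false, reason: 'move leaves board' };
    }
    x = nx; y = ny;
    if (coins.delete(`${x},${y}`)) score += 10;
  }
  return { ok: true, score };
}

// Constructed sample request body: the claimed score is ignored.
const sample = { seed: 12345, moves: ['R', 'R', 'D'], score: 999999 };
console.log(scoreSubmission(sample.seed, sample.moves));
```

A replay shows the score is reachable under the rules with the submitted inputs; it does not show who or what produced those inputs.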

This topic is closed to new replies.
