Oliver Sch

Prevent Unauthorized Access to Server.

6 posts in this topic

I am making a Multiplayer Game in Javascript with Socket.IO / nodeJS.

Since JavaScript is too easy to access for everyone;

I would like to know if someone could simply Copy the source code of my Game.
Then paste the code on his own website.
And access my Server via his website since he has my server IP now?
0

I found this article:

http://en.wikipedia.org/wiki/Same_origin_policy

But what if the server is not hosted by my website host company?

Edited by Schoening
0

Do you plan on implementing some sort of login process? You can't really prevent anyone from sending requests to your server, but you can return a 403 error to users who aren't logged in.
2

I do plan a login!

I still do not understand how Same Origin Policy works..


I made a server on my Computer, but was able to access it via my Client that was on DropBox.. Doesn't that go against the Same Origin Policy?
0

If I'm not mistaken, Same Origin Policy is enforced by the browser on scripting languages.
So I can write a console application and send requests to your server, but if I tried it through an AJAX call in JavaScript, then I should get an error...
If I put your site in an iframe and tried to access that iframe using JavaScript, then I should get an error...

Just remember that it is not enforced by your server, it is enforced in the browser.
2

Generally speaking, from my experience, if the HTML file is being served the socket.io.js file from your server

i.e.
[source lang="jscript"]<script src="http://yourdomainhere.com/node_modules/socket.io/node_modules/socket.io-client/dist/socket.io.js"></script>[/source]

Then it will connect to your server. This really isn't a problem as long as you have a login system. If you have a login system, the only data they can receive is data that is sent to all clients and is supposed to be public, and to send any data that requires being logged in, they would need to log in. If your server checks for bad data, then even if they modify the page to send "hack/cheat" data, your server should see that and kick them off.

I have found that if you use a relative path for serving the socket.io.js file, then if the page is not coming from your hosting server, it will not connect. (This could be a bug in node.js/socket.io and it may not work like this for everyone.) But if I use the relative path, then move the client to another host (making no changes) and try to connect, it will not connect.

[source lang="jscript"]<script src="../node_modules/socket.io/node_modules/socket.io-client/dist/socket.io.js"></script>[/source]



I hope this helps. Let me know if you have any more questions.

Edited by RanBlade
0

[quote name='Schoening' timestamp='1351436980' post='4994725']
I am making a Multiplayer Game in Javascript with Socket.IO / nodeJS.

Since JavaScript is too easy to access for everyone;

I would like to know if someone could simply Copy the source code of my Game.
[/quote]
Yes. They can just do view->source and follow the src urls to grab the JS files.

[quote]
Then paste the code on his own website.
[/quote]
Yes, they could certainly do that. They don't even need a webserver, they can just copy and run the code from their desktop.

[quote]
And access my Server via his website since he has my server IP now?
[/quote]
They don't even need to download your code to find your server IP. All they need to do is run "netstat" or, just ping your domain name (DNS will resolve your name to an IP). Think of your IP as a street address which is publicly visible. Who cares who knows your address when you've got a lock on the door?

Now, you do NOT want to do username and password authentication in JavaScript. JavaScript is a client side scripting language, so assume that your users will be able to read all of your code. You want to do user validation on the server side through a server side scripting language, such as PHP, ASP, etc. Ideally, the usernames and passwords are stored in a database as hashed values. Your server side validation script will verify that the referring URL is your own domain, then it will grab the username and password, hash them, and then connect to the database and see if there's a stored hash match. If a match is found, the user is authenticated and you can start a server side session in order to maintain state variables between pages. I've barely hit the wavetops on how to do web security (good security will handle SQL injection attacks, start an HTTPS session before sending account info across the wire, etc).
0
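The approach the replies converge on (log in on the server, answer 403 to anyone without a session, validate every message), sketched as an added example that is not code from any poster in this thread. The function names, the in-memory `Map` stores, the bearer token in the `Authorization` header and the `{dx, dy}` move message are all assumptions made for illustration; the `Origin` header is deliberately not used for the decision, because only browsers set it honestly.

```javascript
// Added example: server-side login, session check and message validation
// for a Node.js game server. Names and message shape are hypothetical.
const crypto = require('crypto');

const users = new Map();    // username -> { salt, hash } (in-memory stand-in for a database)
const sessions = new Map(); // session token -> username

function register(username, password) {
  const salt = crypto.randomBytes(16);
  users.set(username, { salt, hash: crypto.scryptSync(password, salt, 64) });
}

// Returns a random session token on success, null on any failure.
function login(username, password) {
  const rec = users.get(username);
  if (!rec) return null;
  const candidate = crypto.scryptSync(password, rec.salt, 64);
  if (!crypto.timingSafeEqual(candidate, rec.hash)) return null;
  const token = crypto.randomBytes(32).toString('hex');
  sessions.set(token, username);
  return token;
}

// Node lowercases header names. Origin is ignored on purpose: a copied
// client or a console program can send any value it likes.
function authorize(headers) {
  const m = /^Bearer ([0-9a-f]{64})$/.exec(headers.authorization || '');
  const user = m ? sessions.get(m[1]) : undefined;
  return user ? { status: 200, user } : { status: 403, user: null };
}

// Never trust what the client sends: bound each move on the server.
function validateMove(msg, maxStep = 1) {
  return Number.isInteger(msg.dx) && Number.isInteger(msg.dy) &&
    Math.abs(msg.dx) <= maxStep && Math.abs(msg.dy) <= maxStep;
}

// Status for one move request: 403 not logged in, 400 bad data, 200 accepted.
function handleMove(headers, msg) {
  const auth = authorize(headers);
  if (auth.status !== 200) return auth.status;
  return validateMove(msg) ? 200 : 400;
}
```

In a real deployment the token would travel over HTTPS and sessions would expire; a Socket.IO server would run the same checks at connection time and on every incoming event.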
