Javascript Security

Place for questions and answers for all newcomers and new coders. This is a free for all forum, no question is too stupid and to noob.
Post Reply
sonte
Posts: 5
Joined: Thu Feb 06, 2014 2:19 pm

Javascript Security

Post by sonte »

Hello everyone,

From everything that I have read, Javascript in general is very insecure. In chrome's built in debugger, you can pause anywhere on the script execution and see the contents of ALL of the variables. So, you cannot easily store anything in javascript with regards to securely connecting to your server. Most of the stuff that I have read indicates that you cannot trust anything that the clients sends as a base rule and do all the calculations server side. That is all well and good for true multiplayer games, but what if you just want a highscore backend for a single player game. For example I am making a tetris game. The main part of it is pretty much done, but I thought it would be cool to add in high scores. After looking through some documentation on this, my initial thought of just sending the highscore at the end of the game to the server to see if it was a new highscore is crazy hackable. To do all calculation server side is not really that big of a problem with node.js since i would just have to transfer the functions to the server, but that means that every game is going to have an open session with lots of communication going back and forth. This seems like a lot of strain to put on a server for just the ability to have high scores.

What would you guys do in a similar situation to mine?

PS I tried to do a search, and while it did populate results, when i clicked on them it got a permission denied tried to access index.php. If i navigated directly to the forum where the post was, I was able to view the post just fine.
User avatar
Jackolantern
Posts: 10893
Joined: Wed Jul 01, 2009 11:00 pm

Re: Javascript Security

Post by Jackolantern »

Unfortunately for client-side games high score systems usually aren't worth it on their own. That is because you would have to make the single-player game function as an online game, where all the true game logic and scoring is happening server-side. However, if you add in multiplayer, then it obviously would become worth it since you are creating a server-side element at that point. That is probably how I would suggest to move forward: Either drop the leaderboard and stay single-player client-side, or go all in with multiplayer. If you do the former, you could use local storage to store each player's individual high scores.
sonte wrote:PS I tried to do a search, and while it did populate results, when i clicked on them it got a permission denied tried to access index.php. If i navigated directly to the forum where the post was, I was able to view the post just fine.
That is odd. I will try to see if I can re-create it.
The indelible lord of tl;dr
Post Reply

Return to “Beginner Help and Support”