JavaScript Security
Posted: Tue Feb 18, 2014 1:14 am
Hello everyone,
From everything that I have read, JavaScript in general is very insecure. In Chrome's built-in debugger, you can pause anywhere in the script execution and see the contents of ALL of the variables. So, you cannot easily store anything in JavaScript with regard to securely connecting to your server. Most of the stuff that I have read indicates that, as a base rule, you cannot trust anything that the client sends and should do all the calculations server side. That is all well and good for true multiplayer games, but what if you just want a high score backend for a single-player game? For example, I am making a Tetris game. The main part of it is pretty much done, but I thought it would be cool to add in high scores. After looking through some documentation on this, my initial thought of just sending the high score at the end of the game to the server to see if it was a new high score is crazy hackable. To do all calculation server side is not really that big of a problem with Node.js since I would just have to transfer the functions to the server, but that means that every game is going to have an open session with lots of communication going back and forth. This seems like a lot of strain to put on a server for just the ability to have high scores.
What would you guys do in a similar situation to mine?
PS: I tried to do a search, and while it did populate results, when I clicked on them, it got a permission denied trying to access index.php. If I navigated directly to the forum where the post was, I was able to view the post just fine.