How do I protect a users purchases?

Get help using Construct 2

Post » Sat Jan 17, 2015 5:32 pm

Hi, I want to add IAP and a store that uses currency you can ear in game. In addition you can purchase more currency with real money (IAP). I know that you can test to see if the user has purchased an item, but how can I protect them from clearing their cache or re installing? My fear is that someone will spend $1 for 1,000 of in game money, and potentially lose that 1,000 if they have to clear their cache for some reason. Is there a way to protect them from this without having to set up servers?
B
6
S
1
Posts: 71
Reputation: 548

Post » Sat Jan 17, 2015 6:35 pm

No. You must set up servers (or contract someone to do it for you).

The browser is unsecurable. So you should never, never, never rely on client-side security.
https://www.ravenheart.ca/home
Company name changed to avoid Facebook-type shenanigans

"Someone once told me I bite off more than I can chew...

I told them I would rather choke on greatness than nibble on mediocrity."
B
22
S
6
G
1
Posts: 1,414
Reputation: 4,822

Post » Sat Jan 17, 2015 7:15 pm

gumshoe2029 wrote:No. You must set up servers (or contract someone to do it for you).

The browser is unsecurable. So you should never, never, never rely on client-side security.


So does everyone who uses IAP set up servers or just put a warning?
B
6
S
1
Posts: 71
Reputation: 548

Post » Sat Jan 17, 2015 7:24 pm

They all use servers. Otherwise you are throwing your customers (or yourself) under the cybersecurity bus by letting people steal their data (or letting them manipulate yours; like giving themselves free credits).
https://www.ravenheart.ca/home
Company name changed to avoid Facebook-type shenanigans

"Someone once told me I bite off more than I can chew...

I told them I would rather choke on greatness than nibble on mediocrity."
B
22
S
6
G
1
Posts: 1,414
Reputation: 4,822

Post » Mon Jan 19, 2015 5:21 pm

gumshoe2029 wrote:They all use servers. Otherwise you are throwing your customers (or yourself) under the cybersecurity bus by letting people steal their data (or letting them manipulate yours; like giving themselves free credits).


Alright, thanks for the info. Would it still be risky to use a pay to remove ads feature? That would not require servers, correct? It would just require the game to check if the IAP has been made through their Google/Apple account so it can restore the purchase.
B
6
S
1
Posts: 71
Reputation: 548

Post » Mon Jan 19, 2015 7:40 pm

I don't see how you can escape a server. The very basis of Construct is HTML games, which implies a web server to run your HTML files on. I guess I am a little confused by your skittishness with servers.

The server is the only safe place where you can do any kind of state tracking. The client only exists to display whatever the server tells it to. You cannot really run an HTML game apart from a server.

State tracking server-side is done by sessions, like this: http://machinesaredigging.com/2013/10/2 ... sion-work/
https://www.ravenheart.ca/home
Company name changed to avoid Facebook-type shenanigans

"Someone once told me I bite off more than I can chew...

I told them I would rather choke on greatness than nibble on mediocrity."
B
22
S
6
G
1
Posts: 1,414
Reputation: 4,822

Post » Mon Jan 19, 2015 10:47 pm

gumshoe2029 wrote:I don't see how you can escape a server. The very basis of Construct is HTML games, which implies a web server to run your HTML files on. I guess I am a little confused by your skittishness with servers.

The server is the only safe place where you can do any kind of state tracking. The client only exists to display whatever the server tells it to. You cannot really run an HTML game apart from a server.

State tracking server-side is done by sessions, like this: http://machinesaredigging.com/2013/10/2 ... sion-work/


https://play.google.com/store/apps/deta ... .com&hl=en

It is a mobile game, not web or desktop. It is my first game and more of a learning tool for me. I did not want to spend money on servers just yet since it is a simple high score game with not much depth. I would like to add more features which is why I am trying to get more info on IAP or in game stores.
B
6
S
1
Posts: 71
Reputation: 548

Post » Mon Jan 19, 2015 11:48 pm

You do not have to use a server, most stores (iap restore purchases) will provide a way to deal with lost data.
If you do want to keep a users data, and don't want to own a server, you can use a service.
viewtopic.php?t=91232&start=0
Image ImageImage
B
168
S
50
G
163
Posts: 8,221
Reputation: 105,061

Post » Tue Jan 20, 2015 6:48 pm

newt wrote:You do not have to use a server, most stores (iap restore purchases) will provide a way to deal with lost data.
If you do want to keep a users data, and don't want to own a server, you can use a service.
viewtopic.php?t=91232&start=0



Thanks
B
6
S
1
Posts: 71
Reputation: 548


Return to How do I....?

Who is online

Users browsing this forum: davidbox, Mayfly, Yahoo [Bot] and 4 guests