Protected information storage

Discussion and feedback on Construct 2

Post » Tue Mar 06, 2012 8:01 pm

It seems to me that simple WebStorage is not safe for protecting game information (points, level progress, etc.). Because anyone can open game in Google Chrome, press F12 and edit whatever he wants!

( Sorry if this has been Privacy information :P )

So I want you to ask about some methods to avoid editing that information by user.
B
38
S
15
G
6
Posts: 238
Reputation: 7,760

Post » Tue Mar 06, 2012 8:11 pm

I suggest you to save a hash.
And then, within AJAX, you get the player info indexed by this hash ;)

That's what i'm doing...
English is not my native language. Sorry for any mistakes and feel free to correct me if needed.
B
14
S
5
G
3
Posts: 110
Reputation: 3,225

Post » Tue Mar 06, 2012 8:21 pm

so...? Don't waste time fighting against cheaters, let them have their fun.
If you have a highscore table, people who want to cheat will use cheat engine or something similar to hack anyways, and your second best bet (the first being encryption, which is futile since you'd have to decrypt the info in order to read/write) would be to check the validity of the data, which is a complex task (and also a losing battle, since a savvy player could find out how you do said validity checks and spoof his data in order to cheat while passing validation).
If your game truly is sensitive to cheating, such as a multiplayer game, you should have an central, authoritative server and distrust client info, in which case all localstore info is just for caching anyways, so it doesn't matter if the client alters it.Fimbul2012-03-06 20:22:53
B
35
S
8
G
8
Posts: 532
Reputation: 6,868

Post » Wed Mar 07, 2012 9:46 am

[QUOTE=Cassianno] I suggest you to save a hash.
And then, within AJAX, you get the player info indexed by this hash ;)

That's what i'm doing...[/QUOTE]

Can you tell me more or just show example?Vladoss2012-03-07 09:46:46
B
38
S
15
G
6
Posts: 238
Reputation: 7,760

Post » Wed Mar 07, 2012 4:44 pm

Vladoss, should be something like that:


>On start layout: Ajax.Require("http://yourscript.php?gethash");
                  Set Ajax.LastData to Webstorage.Local("playerHash");

At every event that changes level or points you need to within Ajax, send the atribute that changed and the hash: Ajax.Require("http://yourscript.php?setlevel=5&hash"&WebStorage.Local("gameHash"));

Or make a Every x seconds event that will update, like the same method above, those points (using a object variable or global variable, depending on what you have).

It's a bit more secure compared to just store the atributes at the client side, but as the atributes are sent trough Ajax, they can be changed too.

If you don't have to upload to Arcade and CAN use third-party plugins, you can use the CBHash plugin made by @Kyatric and add some checksums to the values passed, so the player will have EVEN MORE difficult to change the atributes passed, even if theyre crystal clear on the ajax URL required.


Edit: i'll try to make an example .capx if i have time, ok?
Cassianno2012-03-07 16:45:58
English is not my native language. Sorry for any mistakes and feel free to correct me if needed.
B
14
S
5
G
3
Posts: 110
Reputation: 3,225

Post » Wed Mar 07, 2012 5:56 pm

[QUOTE=Cassianno]

Edit: i'll try to make an example .capx if i have time, ok?
[/QUOTE]

Sure.
B
38
S
15
G
6
Posts: 238
Reputation: 7,760


Return to Construct 2 General

Who is online

Users browsing this forum: gamecorpstudio and 14 guests