Protected information storage

Post reply

❤Follow Topic(3)

0 favourites

6 posts

From the Asset Store

Firebase BASIC Pack- Auth, Database, Cloud Storage, Firestore

$16 USD

Basic Plugins for Firebase Authentication, Realtime-Database, Firestore, Cloud Storage

Sparsha

- Waltan
- - Joined 5 Jul, 2011
  - 62 topics • 242 posts
- 1
- 6 Mar, 2012
- Quote
It seems to me that simple WebStorage is not safe for protecting game information (points, level progress, etc.). Because anyone can open game in Google Chrome, press F12 and edit whatever he wants!

( Sorry if this has been Privacy information :P )

So I want you to ask about some methods to avoid editing that information by user.
- Cassianno
- - Joined 2 Mar, 2012
  - 11 topics • 234 posts
- 1
- 6 Mar, 2012
- Quote
I suggest you to save a hash.

And then, within AJAX, you get the player info indexed by this hash ;)

That's what i'm doing...
- Fimbul
- - Joined 12 Aug, 2011
  - 23 topics • 521 posts
- 1
- 6 Mar, 2012
- Quote
so...? Don't waste time fighting against cheaters, let them have their fun.

If you have a highscore table, people who want to cheat will use cheat engine or something similar to hack anyways, and your second best bet (the first being encryption, which is futile since you'd have to decrypt the info in order to read/write) would be to check the validity of the data, which is a complex task (and also a losing battle, since a savvy player could find out how you do said validity checks and spoof his data in order to cheat while passing validation).

If your game truly is sensitive to cheating, such as a multiplayer game, you should have an central, authoritative server and distrust client info, in which case all localstore info is just for caching anyways, so it doesn't matter if the client alters it.
- Waltan
- - Joined 5 Jul, 2011
  - 62 topics • 242 posts
- 1
- 7 Mar, 2012
- Quote
I suggest you to save a hash.

And then, within AJAX, you get the player info indexed by this hash ;)

That's what i'm doing...

Can you tell me more or just show example?
Try Construct 3

Develop games in your browser. Powerful, performant & highly capable.
Try Now Construct 3 users don't see these ads
- Cassianno
- - Joined 2 Mar, 2012
  - 11 topics • 234 posts
- 1
- 7 Mar, 2012
- Quote
Vladoss, should be something like that:

On start layout: Ajax.Require("http://yourscript.php?gethash");

Set Ajax.LastData to Webstorage.Local("playerHash");

At every event that changes level or points you need to within Ajax, send the atribute that changed and the hash: Ajax.Require("http://yourscript.php?setlevel=5&hash"&WebStorage.Local("gameHash"));

Or make a Every x seconds event that will update, like the same method above, those points (using a object variable or global variable, depending on what you have).

It's a bit more secure compared to just store the atributes at the client side, but as the atributes are sent trough Ajax, they can be changed too.

If you don't have to upload to Arcade and CAN use third-party plugins, you can use the CBHash plugin made by Kyatric and add some checksums to the values passed, so the player will have EVEN MORE difficult to change the atributes passed, even if theyre crystal clear on the ajax URL required.

Edit: i'll try to make an example .capx if i have time, ok?
- Waltan
- - Joined 5 Jul, 2011
  - 62 topics • 242 posts
- 1
- 7 Mar, 2012
- Quote
Edit: i'll try to make an example .capx if i have time, ok?

Sure.