OK, I am creating a game using JavaScript and HTML5. The variables such as map,

Question

OK, I am creating a game using JavaScript and HTML5. The variables such as map, x, y, level, exp, etc. are stored in JavaScript to keep track. On my client page, the JavaScript variables are stored to play along with the game. Every 5 seconds, the client page sends a POST AJAX call to the MySQL database and it successfully updates it.

However, a user can easily modify the JavaScript variables and cheat their way in the game. Then once they edit the JavaScript variables, the POST grabs that and updates it even though they edited it unethically.

So, how do I prevent this from happening?

Explanation / Answer

Games are really hard to develop, because you'll never be sure that no one will find a way to cheat. But there are some tips you can put in place to try to prevent cheating, in every type of game, whether it's written in Flash, JavaScript ...

The most important thing to keep in mind is: you must never rely on the client.

The server must

NEVER:

- rely on data sent by the client (ids, coordinates, power, prices won...).
- save data that it has not calculated and checked itself.

ALWAYS:

- have an up-to-date version of the client's properties. The server must always rely on those properties to allow/disallow any action, calculate new properties, store properties in databases, and send to clients.
- check the concordance between client actions.
- allow or disallow the client to do any action (You want to move left? I check if you can... Yes you can, your x is now lastx-1 / No you cannot, you're at the map limit, your x is now lastx).
- check if the elapsed time between two actions is possible. (You asked me to jump. I replied you could, but that it would take 5 seconds before your next action. Two seconds later, you're asking me to move right. It's not possible, you're jumping right now!)

The client must

ALWAYS:

- verify itself if it can perform an action before asking the server to do it =
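
A minimal sketch of the server-side checks listed above, added here as an example and not part of the original answer. It assumes a Node.js-style handler; every name in it (`MAP_WIDTH`, `ACTIONS`, `join`, `handleAction`, `snapshot`) is hypothetical, as are the map size and action durations other than the 5-second jump.

```javascript
// Added example: server-authoritative movement. All names are hypothetical.
const MAP_WIDTH = 10;                    // assumed map: x ranges over 0..MAP_WIDTH-1
const ACTIONS = {                        // cost = ms the player stays busy afterwards
  left:  { dx: -1, cost: 200 },
  right: { dx: 1,  cost: 200 },
  jump:  { dx: 0,  cost: 5000 },         // the answer's "jump takes 5 seconds"
};

// The only copy of player state that counts lives on the server.
const players = new Map();

function join(id, now) {
  const state = { x: 0, busyUntil: now };
  players.set(id, state);
  return state;
}

// payload is the parsed POST body. Only payload.action (an intent) is read;
// any x, level or exp the client includes is never looked at.
// now is the server clock; client-supplied timestamps are not trusted.
function handleAction(id, payload, now) {
  const p = players.get(id);
  if (!p) return { ok: false, reason: 'unknown player' };

  const action = payload && typeof payload.action === 'string' ? payload.action : '';
  // hasOwnProperty guards against inherited keys such as "constructor".
  if (!Object.prototype.hasOwnProperty.call(ACTIONS, action)) {
    return { ok: false, reason: 'unknown action', x: p.x };
  }
  // Timing check: the previous action must have finished.
  if (now < p.busyUntil) return { ok: false, reason: 'too soon', x: p.x };

  // Bounds check: the new position is computed here from the server's last x.
  const nx = p.x + ACTIONS[action].dx;
  if (nx < 0 || nx >= MAP_WIDTH) return { ok: false, reason: 'map limit', x: p.x };

  p.x = nx;
  p.busyUntil = now + ACTIONS[action].cost;
  return { ok: true, x: p.x };           // authoritative position echoed to the client
}

// What gets written to the database: server-computed state only.
function snapshot(id) {
  const p = players.get(id);
  return p ? { x: p.x } : null;
}
```

On a rejected action the reply still carries the server's `x`, so a legitimate client can resynchronise its display to the authoritative value.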