Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to securely submit a high score in a front end game to prevent post hijacking [closed]

Tags:

javascript

security

frontend

Given a Client Side Game (lets call it game X) and a server side database that stores the high scores how can after the end condition of the game securely sumbit a high score to the server in a way that can only be done if the game was actually played (thus to prevent post hijacking).

Given this problem set here are a few ideas I have been thinking about

** Upon the game start send a session ID that expires after a given amount of time to be sent to the server for verification

the problem is that this could be easily exploited by requesting the start id then just forging the score

** Checkpoints within the game that post to the server to verify the person is actually playing the game

again this could be synthesized with some crafty scripting

like image 348
samccone Avatar asked Aug 10 '11 17:08

samccone

3 Answers

Upload a replay of the game and verify the score from that replay on the server. Of course this works only if your game supports replays.

At minimum create a rough log of what's happening ingame and apply some plausibility checks.

You should also add some ingame consistency checks. Else I'll just use a tool like ArtMoney and change the score during the game.

But in the end if the user writes a bot it gets really hard.

like image 73
CodesInChaos Avatar answered Nov 15 '22 14:11

CodesInChaos

There is no way for you to prevent the client side from being manipulated. It is being controlled by the player and he could introduce subtle changes to the client-side application logic that won't be detectable on the server side. The only solution I am aware of is sending all user actions to the server (all at once at the end of the game or continuously while the user is playing) and having the server verify them (recalculate the score). If the actions result in the score that the user claims to have achieved then accept the score. If the actions don't match the score - reject. It will be much harder to generate fake actions that are logically consistent. It won't prevent all cheating techniques however (google for "aiming proxy", something similar might be possible in your game as well).

like image 5
Wladimir Palant Avatar answered Nov 15 '22 12:11

Wladimir Palant

Do this... take your session id from the server, combine it with something in the game and use that as an encryption key, then in your submit data send whatever data you want + a timestamp or something else from the checkpoints in the game

Maybe use SessionID + checkpoint id for the encryption key

like image 1
iamkrillin Avatar answered Nov 15 '22 13:11

iamkrillin
Sign in to Comment

Related questions

ReactJS - How to change style and class of react component?
Changing Speed of Audio Using the Web Audio API Without Changing Pitch
How to use links in Medium Editor?
Relative URL as hostname in Nock
Angular 2 - Http Get request - pass json Object
ES6 Map in Flowtype
How can I type a default export using Flow?
No kotlin.js file output by kotlinc-js
How can I pass props down in Angular 2+ like React?
How to load dynamic HTML into DIV with component? Angular5
How to get rid of Function calls are not supported in decorators in Angular aot compiling?
Is re-exporting modules harmful for tree-shaking?
The javascript Promise problem that has bothered me all day [duplicate]
Is it possible to detect animated gif images client side?
how to write your own right click menu and disable the default using jquery/javascript
DOM Window unload event, is it reliable?
Web crawler that can interpret JavaScript [closed]
Viewing HTML response from Ajax call through Chrome Developer tools?
Why don't I just build the whole web app in Javascript and Javascript HTML Templates?
JavaScript on iOS: opening an HTML select element

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!