
HTML5 games: can I secure the code somehow so the game itself won't be changed while playing?

Tags:

html

As far as I know, it's really not possible, but I just want to be sure before I move to Flash.

Can I make an HTML5 game secure enough so people won't be able to change their score and other variables while playing?

Thanks!

ufk asked Aug 02 '10 10:08




2 Answers

There is no "depends", the straight answer to your question is "no" and I think my fellow answerers simply muddied the waters.

You cannot trust the client. With any language, whether you're writing assembly or HTML or Flash, you cannot trust the client. No matter how much you wrap your code in obfuscation and such, it can and will be figured out (and often quicker than you might think).

This is stressed everywhere and yet people keep getting bit by it. Online games get "speedhacked" because they don't check the velocity of players, or they get item duplication because they don't verify that a player actually has an item that they're trying to do something with, or the lame little flash games get hiscore entries of 9999999 because a simple tool like Tamper Data (a Firefox add-on) is all it takes to change the score as it's sent to the server.

You can't trust the client, whether HTML5 or Flash.

If it's a single-player game, let the player cheat. That is their decision. If it's a multiplayer game, the server verifies every step of the game and anything outside of the rules is thrown out. If it's hiscores, send a replay of the game to the server and analyze it for any cheating rather than sending just a numeric score.

Ricket answered Oct 08 '22 23:10
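The replay check described in the answer above, sketched as an added example that is not part of either answer: the server regenerates the round from its own seed, re-simulates the submitted inputs, enforces the movement rule, and only then compares the claimed score. The toy game rules, the names `targetLanes` and `verifyReplay`, and the `[tick, lane]` move format are assumptions made for illustration.

```javascript
// Constructed toy game (an assumption for illustration): each tick a target
// appears in one of LANES lanes, picked by a PRNG the server seeds. The player
// scores a point for every tick spent in the target's lane.
const LANES = 4;
const MAX_TICKS = 600;

// Deterministic LCG, so the server can regenerate the targets from its own seed.
function targetLanes(seed, ticks) {
  let state = seed >>> 0;
  const lanes = [];
  for (let i = 0; i < ticks; i++) {
    state = (Math.imul(state, 1664525) + 1013904223) >>> 0;
    lanes.push(state >>> 30); // top two bits give a lane in 0..3
  }
  return lanes;
}

// Server side: re-simulate the round from the submitted inputs. The claimed
// score is only compared with the recomputed one, never stored as sent.
// `moves` is a tick-ordered list of [tick, lane] pairs.
function verifyReplay(seed, ticks, moves, claimedScore) {
  if (!Number.isInteger(ticks) || ticks < 1 || ticks > MAX_TICKS) {
    return { ok: false, reason: 'bad round length' };
  }
  if (!Array.isArray(moves) || moves.length > ticks) {
    return { ok: false, reason: 'malformed moves' };
  }
  const targets = targetLanes(seed, ticks);
  let lane = 0, score = 0, next = 0;
  for (let tick = 0; tick < ticks; tick++) {
    const m = moves[next];
    if (Array.isArray(m) && m[0] === tick) {
      const to = m[1];
      // Rule check, the analogue of a velocity check: one lane per tick.
      if (!Number.isInteger(to) || to < 0 || to >= LANES || Math.abs(to - lane) > 1) {
        return { ok: false, reason: 'illegal move' };
      }
      lane = to;
      next++;
    }
    if (lane === targets[tick]) score++;
  }
  // Unconsumed moves were out of order, duplicated, or outside the round.
  if (next !== moves.length) return { ok: false, reason: 'unordered moves' };
  if (score !== claimedScore) return { ok: false, reason: 'score mismatch' };
  return { ok: true, score };
}
```

The seed has to be issued and remembered by the server per round; a replay that stays within the rules still passes, so this rejects impossible rounds rather than proving a human played them.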


Since your users can see all the source code, this is a rather complex problem. They can easily change any function or variable at runtime without your script ever knowing, even if you use a complicated signing function to validate the results.

And I am sorry, but I don't think Colin's way would work either. I could just change any input to make the server do whatever I want.

Maybe constant monitoring of the score through the server would be able to detect any impossible changes. Still, someone cheating in the realms of "possible" results would be uncaught.

In the end I would say you can only make it rather difficult to cheat, but not impossible for someone with a little bit of skill.

Don't use it for any games where you can win something by scoring the highest.

Since the matter seems rather puzzling to people:

Flash delivers compiled SWF files that cannot (since Flash 9) be decompiled to something useful, so you can put a secret in there which you use to sign the score, i.e. send the score and the MD5 of score+secretkey, so the server (which also knows the key) can check it. Furthermore, Flash variables are not so easy to tamper with (you would have to find them in RAM and alter them there, which is a very complex task), while JavaScript vars can be easily edited using, for example, WebKit developer tools.

Update

Actually, I correct myself: all SWFs can be decompiled. This just leaves us with code obfuscating and "encrypting".

I guess the world is a bad place after all ;)

elmac answered Oct 09 '22 00:10