I'm working on a web app where certain actions earn a user 'karma'. The karma increment is a simple AJAX request that increments a number in the DB. Now whats to prevent a user from making duplicate AJAX requests manually and increment their own score again and again?
Edit: The activity that earns the user karma is all happening client-side using javascript. So there is no way for the server to know if its a 'real' request coming from the app or a 'fake' request created by the user typing $.post on the console.
Edit2: Found a similar SO question dealing with this problem. Sounds like the answer is, security by obfuscation is the best bet. Guaranteed security is not possible. So any suggestions for encryption tools etc. that would make the content of the AJAX calls harder to read would be appreciated.
Rather than trying to stop people from cheating, you should focus on minimising the adverse effect that cheaters will have on non-cheaters:
If karma is being used as a 'high score' and you're worried about the user earning karma faster than they should then consider keeping a timestamp of the last time they earned karma and reject a request if it's too soon, and/or set a daily limit on karma earned so they can't automate the process when they're not at the keyboard.
If the action that earns karma for a user also has an effect on other users then it should be one ajax call that triggers both effects.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With