问题
Context
I have a web game in JavaScript.
I send scores and achievements with AJAX during the game.
So anyone can view the source code, copy this request and cheat on my game.
Questions
- Any idea of how prevent this?
- With a token from server (I never used this system)?
Code
jquery:
$.post('ajax/score.php', {pseudo: $pseudo, score: $score, achiev: $achiev},
function(data) {
$('#loader').show().delay(3000).fadeOut(1000);
}
);
php:
if (isset($_POST['pseudo']) &&
isset($_POST['score']) &&
isset($_POST['achiev'])) {
...
}
回答1:
As the game is client side, there is no way to ensure that they do not "cheat". There are ways to make it more difficult.
- Have all calculations performed serverside, and send back tokens...this may not be possible/feasible for your game.
- Change the code served each time so that it will require more time to "decipher" all the requests.
- Obfuscate the code...this is only a deterrent.
- Have "tokens" sent during the game to see if the data matches (for example you can't win the racing game in 5 sec)...this too can be spoofed.
As long as the game is client side, it cannot be "secured".
来源:https://stackoverflow.com/questions/8278865/prevent-ajax-cheating-on-a-web-game