Simple JavaScript game. How to secure ajax requests from falsification?

M

Mark Ivanych2016-06-21 22:36:41

JavaScript

Mark Ivanych, 2016-06-21 22:36:41

Hello, let's say there is a simple 3-level game in JS. The game has an overall "Best Playing Time" rating. When an unauthorized user passes the 3rd level, a request is sent to the server with the passage time.
Accordingly, anyone can see what request is being sent and substitute their time, thereby falsifying the rating. How to secure such requests?
Only one thing came to mind: to make an aes-token on the client through how to install a js-lib with a transit time stamp and decrypt and receive a label on the server. And the key itself, by which the token is encrypted, is hidden somewhere in the depths of js so that no one can find it. Well, I think it's too...

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Alexey, 2016-06-21
@alsopub

If someone sets a goal, they will send a fake request, because all the code is available on the client.
Options:
1) Code obfuscation, where something like md5 (time + something) will be calculated and checked on the server. It just increases the complexity of the algorithm search.
2) Recording and sending to the game process server, checking the game process on the server (depends on the game).

�

Артем Каюн, 2016-06-21
@Kayun

Считайте время на сервере. Когда игра начинается отправляйте старт запрос, когда заканчивается стоп запрос. А там уже вычисляйте разность.

R

Rou1997, 2016-06-21
@Rou1997

Никак не обезопасить, только затруднить "подделку", которая и так доступна совсем даже не "любому", и уж тем более не рентабельна в данном случае.