如何在前端游戏中安全地提交高分以防止劫持后 [英] How to securely submit a high score in a front end game to prevent post hijacking

问题描述

给定客户端游戏（让我们称之为游戏X）和存储高分的服务器端数据库如何在游戏结束条件下安全地将高分数汇总到服务器中这种方式只有在游戏实际播放时才能完成（因此可以防止劫持后发生）。

Given a Client Side Game (lets call it game X) and a server side database that stores the high scores how can after the end condition of the game securely sumbit a high score to the server in a way that can only be done if the game was actually played (thus to prevent post hijacking).

鉴于此问题，我在这里设置了一些想法一直在考虑

**在游戏开始时发送会话ID，该会话ID在给定的时间后到期将被发送到服务器进行验证

** Upon the game start send a session ID that expires after a given amount of time to be sent to the server for verification

问题在于，这可以通过请求开始ID然后只是伪造分数来轻松利用

**游戏中发布到服务器以验证此人实际正在玩游戏的检查点

** Checkpoints within the game that post to the server to verify the person is actually playing the game

再次这可能与某些狡猾的合成脚本

推荐答案

上传游戏重播并验证游戏的分数在服务器上重播。当然，这仅适用于您的游戏支持重播的情况。

Upload a replay of the game and verify the score from that replay on the server. Of course this works only if your game supports replays.

至少要创建一个关于正在发生的事情的粗略记录并应用一些合理性检查。

At minimum create a rough log of what's happening ingame and apply some plausibility checks.

您还应该添加一些游戏一致性检查。否则，我只会使用像ArtMoney这样的工具并在游戏中更改分数。

You should also add some ingame consistency checks. Else I'll just use a tool like ArtMoney and change the score during the game.

但最终如果用户编写机器人，它会变得非常困难。

But in the end if the user writes a bot it gets really hard.

这篇关于如何在前端游戏中安全地提交高分以防止劫持后的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！