防止在Rails/html5游戏应用中作弊(Rails 3.2/html5/javascript) [英] Prevent cheating in Rails/html5 game App (Rails 3.2/html5/javascript)
问题描述
我想知道在以下情况下是否有可能防止作弊
I'd like to know if it's possible to prevent cheating in the following case
- 我有一个Ruby on Rails应用程序和一个Active Record数据库
- 我有用户(模型用户),可以玩游戏(模型游戏),并且有奖品(模型奖).
我想要的是:
1-防止玩家欺骗/窃取奖金(他赢了的奖杯)
2-防止玩家欺骗自己所拍摄的nb球
由于一个用户可以赢得多个奖品,并且奖品可以属于多个用户,所以我有很多对很多的关系:我为此使用了一个表格/模型Winnings,其中列出了每个用户在游戏中赢得的所有东西(一个用户有很多胜利而且奖品有很多奖金)
As a user can win multiple prizes and prizes can belong to multiple users, I have a many_to_many relations: i use for this a table/model Winnings that lists all stuff won in the games by each User (a user has many winnings and a prize has many winnings)
玩家有一定数量的投篮,比方说每位使用者3次.
Players have a certain number of shots, let's say 3 per user.
对于1-,基本上,我想每次用户在游戏中赢得奖金时,我都会向服务器发送一个网址,例如: mygame/com/?winning_id = 1234; game_id = 3; user_id = 6; prize_id = 4,告诉服务器ID为6的用户在ID为6的游戏中赢得了ID4的奖金
For 1-, basically, i guess everytime a user wins a prize in a Game, i'll send the server a url like: mygame/com/?winning_id=1234;game_id=3;user_id=6;prize_id=4, telling the server the user with id 6 has won a prize with id4 in the game with id 6
我不希望玩家能够作弊.我怎样才能做到这一点.任何玩家都可以只使用上面的网址,然后以这种方式向我的服务器(帖子)发送一条消息/操作,告诉他他赢了吗?那会很容易骗人吗?
I don't want players to be able to cheat that. how can I do this. Can any player just use that url above and send this way a message/action to my server (post) telling him he won? that would make it freaking easy to cheat?
我应该加密内容/URL,并使该URL/消息只能由我的服务器理解吗?
Should I encrypt stuff/the url and make the url/message only understandable by my server?
对于2-(快照),我认为我应该每次将动作发送到服务器端并在服务器端计算分数,但他还是不能像1-那样作弊吗?
For 2- (shots), I think I should send actions to server side every time and calculate scores at server side but still can't he cheat the same way as 1-?
推荐答案
除了使用上面palainum的答案中提到的post之外,如果需要,您可以在自己的任何位置添加字符串(而不是ID)网址可以编辑且可见的游戏.
In addition to using post as mentioned in the answer from palainum above, if needed, you could add a string (instead of an ID) in any place in your game where the URL could be edited and is visible.
背景-我的一个应用程序中遇到了类似的问题(如果更改了URL,人们可以推断/编辑号码并作弊).我克服的方法是为URL中的项目生成唯一的代码.
Background - I had a similar problem in one of my apps (where if a URL was changed people could deduce / edit the number and cheat). The way I overcame it was to generate a unique code for the item in the URL.
为此,我将一个字符串属性添加到名为url_code的Winning模型中,使其成为必需且可索引:
To do this, I would add a string attribute to Winning model called url_code, make it required and indexable:
add_column :winning, string :url_code, :null => false, :index => true
在模型中添加after_initialize回调:
Class Winning
validates :url_code, :uniqueness => true
after_initialize :create_url_code
def create_url_code
self.url_code=SecureRandom.hex(4) if self.url_code.nil?
end
并且在使用ID的情况下将其用作参数(类似于您的控制器中的问题)...
And use that as a parameter in the cases using an ID is a problem (similar to this in your controller)...
@winning = Winning.find_by_url_code(params[:id])
Also, you could do the same thing for your users URL (or if you need to display it every in URL) by using the user.name as a friendly_id.
编辑-刚刚修复了我输入offer_code而不是url_code的错字.
edit - just fixed a typo where I had offer_code instead of url_code.
这篇关于防止在Rails/html5游戏应用中作弊(Rails 3.2/html5/javascript)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
