阿贾克斯榜的安全性 [英] Ajax Highscores security

问题描述

我创建一个塔防游戏中的javascript，并希望有一个高的分数和其他多人互动。可能有几个玩家开始游戏的同时，告诉他们如何快速其他人会和这样的东西。

I'm creating a tower-defense game in javascript and want to have a high score and other multiplayer interactions. Probably have a couple of players start the game at the same time and tell them how fast the other guys are going and that kind of stuff.

我不知道该怎么flash游戏送他们的成绩或事件，以确保每一个客户端发送的信息实际上都是正确的，而不仅仅是某个人发送难以置信的成绩。我记得几年前，当flash游戏开始有高分，这是非常普遍地看到虚幻（黑客）分数和好...这是pretty的怪异不是;那么，什么是这里的秘密？

I don't know how flash games send their scores or events to make sure the information that each client is sending is actually correct and not just someone sending incredible scores. I remember a couple of years ago when flash games started having high scores, it was very common to see unreal(hacked) scores and well... that's pretty weird not; so what is the secret here?

推荐答案

人总是会能作弊的游戏...最好你能做的就是让人很难作弊。分数为老Flash游戏是非常容易操纵，因为比分将通过HTTP请求提交。嗅探流量将揭示提交URL和需要什么，以便更新比分传递变量。我希望，它已经改变了。

People will always be capable of cheating at games... the best you can do is make it difficult to cheat. Scores for old flash games were very easy to rig because the score would be submitted via an HTTP request. Sniffing the traffic would reveal the submission URL and what variables needed to be passed in order to update the score. I hope that it has since changed.

如果我是你，我会充分利用，将随着最后的比分，以验证该得分是合法的传递一些错误检查code。错误检查code算法应该是很难从一个评分，以确定（如果人嗅吧）。 JavaScript的应该也可以任意混淆。这是远不理想，但它应该阻止骗子的很大一部分。

If I were you I would make use of some error checking code that will be passed along with the final score in order to verify that the score is legitimate. The error-checking code algorithm should be difficult to determine from a score (if the person is sniffing it). The javascript should also be arbitrarily obfuscated. This is nowhere near ideal but it should deter a good portion of the cheaters.

这篇关于阿贾克斯榜的安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！