HTML5多人游戏安全解决方案 [英] HTML5 Multiplayer Game Security Solutions

问题描述

现在有一些简洁的画布演示的经典平台，甚至在HTML5的3D fps游戏，下一步可能是尝试开发多玩家HTML5游戏。 HTML5套接字支持使得这个过程相对简单，但是在浏览器中任何人都可以看到客户端来源， HTML5前端多用户游戏的基本游戏安全功能的一些解决方案 - <

Now that there are a couple of neat canvas demo's of both classic platform and even 3D fps games in HTML5, the next step might be to try developing a multiplayer HTML5 game. HTML5 socket support makes this relatively straight-forward, but with client-side source being viewable by anyone in the browser, what are some solutions for basic game security features for a HTML5-frontend multiuser game -- such as being able to prevent a faked high-score submit?

推荐答案

简单的答案是：你可以不能信任来自客户端的数据，这意味着高分提交不能来自客户端。

The simple answer is: You can't trust the data from client, which means that the high score submit can't come from the client.

由于代码客户端可供任何人检查，没有办法信任客户端发送您的服务器的数据。即使您使用每个用户的加密密钥（这是可能的）加密数据，用户可以简单地更改浏览器中的代码，并更改发送到服务器的值。

Since the code client is available for anyone to inspect, there's no way of trusting the data that the client sends your server. Even if you encrypt the data with a per-user encryption key (which is possible), the user can simply alter your code within the browser and change the values it's sending to the server.

由于您的游戏是多人游戏，如果服务器生成所有评分事件，这可能是可能的。如果服务器生成所有评分事件，则客户端从不向服务器发送评分数据，这意味着高分数据不能被伪造。

Since your game is multiplayer, this might be possible IF the server generates all the scoring events. If the server generates all the scoring events, the client never sends score data to the server which means that the high score data can't be faked.

必须处理欺骗，这是更具挑战性的，但这是另一个问题...

You'll still have to deal with cheating, which is even more challenging, but that's another issue...

这篇关于HTML5多人游戏安全解决方案的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！