Thursday, February 7, 2019

security - How can a web game store points online without giving the user the possibility to do the same call but with more points?




Imagine I have an HTML5 web game where the user can get points by doing certain activities. The game can be played offline, so there's not necessarily a live internet connection (note: this makes this question other than existing questions). Game state will then be synchronized at a later moment.


How can the frontend tell the server that the user has indeed gained those points without giving the user the ability to cheat? E.g. by doing a REST call with a multitude of his points? How can the server tell the difference between a real call and a fake call?


What I can think of is to send not the points, but e.g. all the moves of the game, and then the server recomputes the game and calculates the gained points? But that is quite hard, and the game must be deterministic in order to give the client and server the exact same result from the moves.


Does anybody know how existing games implement this? Or how it could theoretically be done?



Answer



You might think it's hard, but the way you came up with is the way to do it:



send not the points, but e.g. all the moves of the game, and then the server recomputes the game and calculates the gained points



(this is just one of a million reasons why developing multiplayer online games is harder than developing single-player games)
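The approach this answer describes, as an added example that is not part of the original question or answer: client and server share one integer-only replay function, and the server credits only the score it recomputes from the submitted moves. The toy coin-collecting game, the names `replay` and `verifySubmission`, the session object and the server-issued seed are all assumptions made for illustration.

```javascript
// Shared by client and server. Integer-only seeded PRNG (mulberry32-style),
// so both sides derive identical coin positions from the same seed.
function mulberry32(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return (t ^ (t >>> 14)) >>> 0; // unsigned 32-bit integer, no floats
  };
}

const SIZE = 8, MAX_MOVES = 500; // hypothetical game rules
const STEP = new Map([["U", [0, -1]], ["D", [0, 1]], ["L", [-1, 0]], ["R", [1, 0]]]);

// Deterministic game logic: same seed + same moves => same score, everywhere.
function replay(seed, moves) {
  if (!Array.isArray(moves) || moves.length > MAX_MOVES) return { ok: false, reason: "bad move list" };
  const rand = mulberry32(seed);
  const spawn = () => ({ x: rand() % SIZE, y: rand() % SIZE });
  let x = 0, y = 0, score = 0, coin = spawn();
  for (const m of moves) {
    const d = STEP.get(m);
    if (!d) return { ok: false, reason: "unknown move" };
    x += d[0]; y += d[1];
    if (x < 0 || y < 0 || x >= SIZE || y >= SIZE) return { ok: false, reason: "left the board" };
    if (x === coin.x && y === coin.y) { score += 10; coin = spawn(); }
  }
  return { ok: true, score };
}

// Server side. The seed is read from the server's own session record (assumed
// to have been issued at the last sync), never from the request. The claimed
// score is only compared to flag a mismatch; it is never credited.
function verifySubmission(session, submission) {
  const result = replay(session.seed, submission.moves);
  if (!result.ok) return { credited: 0, flagged: true, reason: result.reason };
  return { credited: result.score, flagged: submission.claimedScore !== result.score };
}

// Constructed sample: a request that claims points without any moves.
console.log(verifySubmission({ seed: 12345 }, { moves: [], claimedScore: 5000 }));
```

A replay check shows that the score is reachable by legal moves under the server's seed; it does not show that a human produced those moves.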


