I was wondering if it was possible to specify an attribute in the manifest file or somewhere else, and disable the use of a javascript console in my app's window. Disabling the javascript console will not allow the user to simply give themselves money and they will be forced to play the game properly. Does anyone know if it is possible to disable the javascript console in an app? Will it possibly come out in the future versions of Chrome?
Asked
Active
Viewed 3,490 times
0
-
It will never happen instead encapsulate your code (as much as is possible) so its harder for the user to mess with what you dont want them to mess with. – megawac Oct 17 '13 at 00:02
-
How about controlling the "context menu"? – D.S Oct 17 '13 at 04:16
2 Answers
6
Access to the console is already lessened in a packaged app versus the open web or an unpacked app you're working on. The mouse context menu will not offer to enter the developer tools, and the chrome menu does not exist in apps. The only option is from the chrome:extensions page or Chrome Apps Developer Tools.
Motivated users will have several other routes, including modifying the source of your client. Processing with a javascript obfuscator will make it slightly more difficult.
If you must protect game logic to prevent cheating, you will need to do so from a server that validates player actions. This can work offline as well, by caching game actions and sending for verification when possible. But, at what point does this matter? If it is a single player game, not much. If there are leaderboards, make them social leaderboards so that cheaters only fool their friends. If it is fully multiplayer you already must validate. ;) Never trust the client.
Vincent Scheib
- 17,142
- 9
- 61
- 77
1
You need to use closures, and then you can protect the portions of the code they shouldn't be able to modify.
For example, say you had a game where they answer a simple math problem to get money, and when they have enough money, we'll say $1000, they can buy a gun. You don't want to let them be able to just add money to their account, but they should be able to answer questions to get money. You just expose the getMoney function, and hide everything else, like so:
var game = function() {
var money = 0;
var hasGun = false;
var getMoney = function() {
response = prompt("What is 2+2?");
if (response == 4) money += 100;
alert("You have $" + money);
}
var showMoney = function() {
console.log(money);
}
var buyGun = function() {
if (money >= 1000) {
hasGun = true;
money -= 1000;
alert("You bought a gun!")
}
else alert("Not enough money!")
}
//we'll use this to expose methods and variables.
var public =
{
getMoney: getMoney,
buyGun: buyGun,
showMoney: showMoney
}
return public;
}()
game.getMoney();
The only thing they can access within your expose function from the console is the ask method, and the showMoney method. The only way to get more money is to do it through the ask method. Even if, in the console, they wrote:
game.money = 1000;
game.showMoney(); //returns 0;
game.hackForMoney = function() { money = 1000; }
game.hackForMoney();
game.showMoney(); //returns 0;
game.showMoney = function() { return 1000; }
game.buyGun(); //alerts "Not enough money!"
Now someone can access the console and it doesn't matter.
dave
- 62,300
- 5
- 72
- 93
-
This is only half the answer. You also need to restrict them from redefining all the properties of game (and game itself, which is really `window.game`) by making them read only properties. See here: http://stackoverflow.com/questions/366047/can-read-only-properties-be-implemented-in-pure-javascript/366086#366086 – Don Rhummy Oct 19 '13 at 06:37