0

So I'm writing a game client using WebSockets. However, I want to prevent people from cheating and sending certain data to the server. Can people modify the html and javascript on the page to change what data is sent to the WebSockets?

If so, how can I prevent this from happening?

Dylan Dodds
  • 76
  • 1
  • 10
  • 5
    You can't prevent it, that is why validation has to occur on the serverside to make sure things are valid. – epascarello Dec 08 '13 at 15:44
  • Can you give me an example of how I can validate the data? – Dylan Dodds Dec 08 '13 at 15:47
  • 1
    `if( data != "what it should be" ) print "Cheater!";` – JJJ Dec 08 '13 at 15:50
  • You need to have business logic in the server. I have no idea what your game is. If it was tictactoe, you would need to make sure they could move to that spot. – epascarello Dec 08 '13 at 15:54
  • 1
    Lots of other things you can find with Google about preventing cheating in online games. Here's one: http://stackoverflow.com/questions/5250403/what-good-ways-are-there-to-prevent-cheating-in-javascript-multiplayer-games – jfriend00 Dec 08 '13 at 15:56
  • I see you're new to SO. If you feel an answer solved the problem, please mark it as 'accepted' by clicking the green check mark. This helps keep the focus on older questions which still don't have answers. – Max Truxa Dec 19 '13 at 17:46

1 Answers1

1

This is the big thing about "cheating" and "hacking" in (multiplayer)games. Data that comes from the client (and sometimes even the server) can never be trusted.

Think about a "teleport hack" in a shooter game. Your client is sending your players new position to the server, as soon as you move. If you want to cheat, you can simply manipulate your client to send the coordinates of the position you want to teleport to.

Now there are two possible outcomes:

1) The developers did not care about cheaters, when coding the server side application. The server accepts the new position, although it is impossible that your client moved to that position since the last position update.

2) The developers were smart and wrote an intelligent server. Before accepting the new coordinates, the server validates if it is possible that your player moved to the given location since the last update. If it is, the server accepts it. If it is not, you get banned for the next 1000 years.

Max Truxa
  • 3,308
  • 25
  • 38
  • Thanks for the information. I guess it's like juhana said, I have the validate the data serverwise, so EVERYTHING must be done serverside – Dylan Dodds Dec 08 '13 at 15:59
  • The cool thing about this type of cheat protection is, that it actually works and can't be circumvented (assuming your server logic isn't bugged). The downside, that it can't be used to prevent *all* types of cheating. Something like an aimbot can't be detected on the server side reliably. – Max Truxa Dec 08 '13 at 16:03
  • Awesome, thanks! This is going to be a little difficult as it's a game that also acts as a game engine. So I have to check for certain data where modifications are permitted. – Dylan Dodds Dec 08 '13 at 16:35