Javascript code is editable?

Question

I made this like random lottery.

Generates random number from 1 to 10000
If it is smaller than 5000 double the value of your coins
if not take them away

When I tested that system I could make that your winning would be more than 2 times bigger by inspecting elements going to source and finding my JavaScript file and changing bet * 2 into bet * 999.

Now I need to remake it because I don't want that my websites users to cheat.

Instead of adding script from script file I wrote it directly in the HTML page between <script> code </script> and then I felt like god because I thought I fixed that.

Is this proper way to deal with this?

Blah blah blah blah blah... What are you trying to say? **Solution:** Deal with server side scripts and AJAX. — Praveen Kumar Purushothaman, Nov 29 '15 at 15:23
please use sentences and line breaks for readability. run on sentences are taxing to try to follow — Eric Phillips, Nov 29 '15 at 15:25

score 2 · Answer 1 · answered Nov 29 '15 at 15:43

All the code (HTML, CSS, Javascript) that you send to client (browser or other) is editable.

Never rely on client side validation.
Never trust user input even after server side validation, before dumping user input back on the page escape for XSS.
Never put your business logic in client side code.
Never trust user supplied date information as request date.
Give every form with CSRF parameter.

These are the most basic rules I can think of.

score 0 · Answer 2 · edited May 23 '17 at 11:44

Cheating on games is not about your source code being editable or not.

It's the same problem that the music industry had when people were freely copying and sharing they work, and they thought that DRMs were the way to go to avoid that. In the end, if you can listen to music on your computer, you will always be able to copy it.

The same goes for the source code of your game: you can hide it with obfuscation, cryptography or use schemes as complicated as you see fit but as long as it runs on your user's computer, they will be able to change it.

Now, if one of your users change the code locally and have the game report fake winnings that's not a problem as long as it's not real money, and as long as that does not change the gaming experience of other users.

I recommend reading the following question. It's not a duplicate but most of your questions should be answered by reading all answers: What good ways are there to prevent cheating in JavaScript multiplayer games?

Javascript code is editable?

2 Answers2