0

Basically what the title says. I'm making a game and most of it is in js. My concern is that the player stats are all just variables in its object and they are easy to change in the browser console(e.g. player.hitpoints = 1000;).

Is there any way to hide certain objects/variables from being editable in the browser console?

Deni
  • 33
  • 5
  • Please share your specific use-case and the efforts you made to solve this problem, maybe post the code you've tried. – 31piy Aug 14 '18 at 11:02
  • Javascript running in a browser is in essence open for everyone to see *and* to change/influence through the Developer Tools. If you don't want that, then don't use Javascript in a browser. – Peter B Aug 14 '18 at 11:05
  • @PeterB But I am also curios to know if it is possible. Because when I open Facebook, and then open console Facebook post a big Red alert in the console. I would like to know how they do this. :) – Arup Rakshit Aug 14 '18 at 11:07
  • To just show a text like that, see here: [How do I create formatted javascript console log messages](https://stackoverflow.com/q/22155879/1220550) – Peter B Aug 14 '18 at 12:31

5 Answers5

2

JavaScript is clients side scripting language, that means that it is interpreter on the client's computer and he can do or change whatever he wants. You can uglify and minimize your code for obfuscation the code, but it won't prevent the user from changing it.

I just google "obfuscation javascript code online" and I found this link with a good example of before and after the obfuscation process - here

The differences are amazing...

The scion
  • 1,001
  • 9
  • 19
2

The other answers have already explained obfuscation and the inherent limitations of client side JavaScript. They are correct and relevant, but don't directly address the question.

To make it impossible¹ to access a variable through the browser console, you need to make it into a local variable inside a function. For example, instead of:

var player = {hitpoints: 100};

// game logic here

You would do:

(function() {
  var player = {hitpoints: 100};

  // game logic here
})();

This creates an anonymous function, and then immediately calls it, the so-called IIFE. Now player is no longer global (i.e. a property on the window object), but exists only within this function.

¹ It can still be done through the debugger, but it's a lot harder than just copying and pasting some commands.

Thomas
  • 174,939
  • 50
  • 355
  • 478
  • Do the round brackets around the function make it anonymous or is the act of declaring variables inside any function making those variables anonymous? – Deni Aug 14 '18 at 12:54
  • The lack of a name makes the function anonymous. The parentheses around it are just to make it parse correctly when followed by `()` (I'm not sure how it could be parsed any differently, but JS syntax can be weird.) – Thomas Aug 26 '20 at 10:37
0

You can use JWT to make immutable data that don't change very often. For your case, I would recommend storing the state on the server.

Shakil Ahmed
  • 181
  • 1
  • 3
  • 13
0

You can minify/uglify your code to make it trickier for someone to modify it, but the most important part would be to validate everything server-side. If their hitpoints equal 10 one second and 10000 the next, obviously something would be fishy and the server could prevent itself from broadcasting that out to the other players -- essentially isolating the ne'er-do-well to their own PC.

Sean D
  • 134
  • 3
0

Identifiers declared with let and const do have block scope. So if your variables are not declared with var then use a block statement.

Example: code:{ //your code... }

code: {
  let hitpoint = 12;
  let kill = function() {
    hitpoint -= 12;
  }
//function kill(){} is accessible from outside 
//let kill = function(){} is not accessible from outside

  console.log("From inside:", hitpoint)

} 

try {
  console.log("From outside:", hitpoint)
} catch (err) {
  console.log("From outside:", "It gives an error. So you can't access it from the console or anywhere outside the code")
}
Ufuk
  • 448
  • 5
  • 9