This is a variation on a very old problem:

When code is executed on the client, the client always has a way to modify
the code that is executed. A practical example of this is the 'cheats' for
computer games: they simply poke some bits around in the client's memory,
and woot, you have lots of {game valuable resources}. This is unavoidable,
since the user could always open his JavaScript console and make some
hand-crafted call, or even craft custom HTTP requests that update the app
data. Even if you blocked those actions (which you can't), the user could
still theoretically flip some bits in his RAM and modify the internal state
of the application running on his/her computer.

Now for applications (and games) that are executed on the client but don't
offer any networked functionality, this isn't such a big problem; sure,
it'll change the intended experience, but that's all. However, with
networked apps/games, the situation is much more severe, as is the case with
social applications. So the solution for this is to make sure that all these
actions that have some value happen on the app/game developer's server, and
the resulting data is transmitted back to the client. In other words, the
client only sends "Move cursor left", or "Clicked on this tile" or "Clicked
on the sell button", and the server performs the appropriate logic, thus
guaranteeing the validity of your data.


On Thu, Mar 12, 2009 at 6:37 AM, marcdmarc <marcdur...@gmail.com> wrote:

>
> Any ideas anyone?
>
> On Mar 11, 1:49 am, marcdmarc <marcdur...@gmail.com> wrote:
> > Hello,
> >
> > I am new to OpenSocial and the persistence data API.  I would like to
> > clarify how this works, as I am building a game that keeps score of
> > players.  The app has actions that earn a player more points, but some
> > actions earn a player more points than others.  I would like to make
> > sure that storing a player's score data in the persistence API is not
> > subject to gaming by people who have installed the application, such as
> > a player adding points to their application data, or by performing
> > actions that are not yet available to them.
> >
> > I imagine that a savvy player may try to execute code within their
> > application that may try to increase their score, perform actions that
> > are not yet accessible to them, or by changing values in the
> > OpenSocial application's code that would allow them to add more points
> > than what should be added.  Is this possible, and if it is, what is
> > the best way to prevent this?  If it is not possible, could someone
> > please explain why?
> >
> > Gaming by creating alliances in a game may be an example of acceptable
> > gaming, but not in the context of a savvy malicious user that
> > manipulates application code to increase points.
> >
> > Thanks to anyone who can shed light on this topic.
> >
>
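
The server-side handling described in the reply above, as an added example that is not part of the original thread: the client sends only an action name, and the server holds the score, the point values and the unlock rules. The action names, point values, thresholds and the per-player sequence number are assumptions made for illustration.

```javascript
// Added example. Action names, point values and thresholds are constructed.
// Rules live only on the server; the client never supplies a score.
const RULES = {
  harvest: { points: 10, minScore: 0 },
  trade: { points: 25, minScore: 50 },
  raid: { points: 100, minScore: 200 },
};

// Authoritative state: playerId -> { score, lastSeq }
const players = new Map();

// playerId is assumed to come from the authenticated session or a verified
// signed request, never from the message body the client controls.
function handleAction(playerId, msg) {
  const p = players.get(playerId) || { score: 0, lastSeq: 0 };
  const reject = (error) => ({ ok: false, error, score: p.score });

  if (msg === null || typeof msg !== 'object') return reject('malformed message');
  // Own-property lookup so names like "__proto__" do not resolve to a rule.
  if (!Object.prototype.hasOwnProperty.call(RULES, msg.action)) {
    return reject('unknown action');
  }
  // A per-player sequence number (an assumption of this sketch) rejects a
  // captured request that is sent again.
  if (!Number.isInteger(msg.seq) || msg.seq <= p.lastSeq) {
    return reject('replayed or out-of-order request');
  }
  const rule = RULES[msg.action];
  if (p.score < rule.minScore) return reject('action not unlocked');

  // Points come from the server's table; msg.points or msg.score is ignored.
  p.score += rule.points;
  p.lastSeq = msg.seq;
  players.set(playerId, p);
  return { ok: true, score: p.score };
}
```

Only the score returned by `handleAction` is stored; a value written directly by the client is never trusted as the score.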
