search

NullVoxPopuli / html5tetris

Automatically exported from code.google.com/p/html5tetris
0 stars 0 forks source link

High Scores are easy to spoof #9

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
True anti-spoof protection is nearly impossible. The next best method is to 
keep the score of the game in real-time on the server side. This means that the 
entire logical portion of the game needs to be re-written in python, and should 
be updated in real time along with the player's game, to verify that the way 
they got to that score was actually possible. Otherwise, they can just inject 
whatever score they want into the JS, and return the score.

That means that the only remaining exploit would be a tetris-playing bot. I'm 
cool with that, so long as they release the source for me to see :)

The exploiter said something about SOP, which has nothing to do with this issue.

Original issue reported on code.google.com by Leigh.Pa...@gmail.com on 31 May 2012 at 1:05

GoogleCodeExporter commented 8 years ago 
Curious to know if the game logic was ever ported to Python. If not, would you 
be interested to doing as a paid project?

Original comment by sc...@osube.com on 11 Mar 2014 at 3:11