

Ask HN:  Effect of losing flash on games devs? - moomin

I can't help noticing that pretty much every JavaScript game is trivially hackable.  Is there a way to prevent this without going client/server and building a significantly more expensive product?  Is this even a problem?
======
Hrundi
I'd say that your last question is key here. Is there a problem, really? Well,
it depends on the target of your game.

You can apply several layers of security on top of your game, and you will
likely deter 99% percent of tinkerers.

You'll never be able to stop someone really determined into breaking your
game.

I've had some experience before with games and the hacking around it. There
are many measures to take in account, but they depend very much on the game in
question.

The fact that a game is made in flash is never an impediment to hacking.

Some games will only send short, timestamped input signals to the server. The
server runs a simulation of the game and it has an authoritative state of the
game. Then, it is a matter of sprinkling several validation checks related to
the player's position, where can he shoot at, etc.

Once you get to that point, you'll say to yourself: "Is this really worth the
hassle?"

It really depends on your game. If it is a puzzle and you are worrying about
the leaderboards being hacked (an incredibly easy thing to do sometimes), then
you should summarize the game's actions and come up with a hard limit.
Meaning, you should ask the question: "How many blocks can the player destroy
in the 30 seconds that this round lasts?"

If you sum up the time from when the player clicks a block, animation triggers
and then the block is destroyed, and that number is 1 second, then it is
likely that the player won't be able to destroy more than 30 blocks during a
round.

I don't know, this is just an example but it can be way different from what
you want.

Let me know the type of your game and I can give you a few pointers if you
like. While hacking may not be a problem, it sure is a lovely subject to
research and analyze.

I'm sure you know this but it is always good to have in mind: never trust the
client.

------
Joakal
Homomorphic encryption is probably something to consider. It'll make your
games a million times slower though.

