javascriptanti-cheat

JavaScript 'Hacking' — is it possible to prevent sockets from being received, or functions from being called?


Quick question: I'm building a multiplayer game in HTML5/Socket.io with phaser as the game framework. I'm pretty far in right now, and to the stage of adding prevention to hacking.

Basically my question in simple terms: is there anyway for potential hackers to change the source code live or before they have their browser run? Currently I have an authoritative server, and my game wrapped in an anonymous function which works really well, but I was curious as to if it was possible for someone to modify my source code, send foul things to the server, or disable certain sockets from being received?


Solution

  • Basically my question in simple terms, is there anyway for potential hackers to change the source code live or before they have their browser run?

    Yes, it is possible for anyone to take your javascript from the browser and modify it any way they want or send anything they want to your server.

    Javascript in a browser is entirely unsafe and completely open to anyone who uses the right tools to see it.

    Similarly someone can send anything they want to your server either from your existing web page or from their own program.