[英]How do I prevent cheating when user clicks a button
So I wanted to develop a small clicker game to get my feet wet and it would also answer my question which I have in regards to cheating.所以我想开发一个小点击游戏来让我的脚湿透,它也能回答我关于作弊的问题。
So this is the concept there is a blank page with a Button
and a <h1/>
There will be a registration process and the user will get put in a databse with a Score
column as well as the Username & password etc.所以这是一个概念,有一个带有
Button
和<h1/>
的空白页面,会有一个注册过程,用户将被放入一个带有Score
列以及用户名和密码等的数据库中。
When the user clicks on the Button
I want to add a point to that user that then gets put into the Score
column in the databse so that the score gets saved and also displays on the page in the h1
tag当用户单击
Button
我想向该用户添加一个点,然后将其放入数据库的Score
列中,以便保存分数并显示在页面上的h1
标记中
Now if I do it through JavaScript, accessing the database through the Client and adding points from the Client then that feels like I would invite nothing but cheaters and a lot of security issues.现在,如果我通过 JavaScript 来完成,通过客户端访问数据库并从客户端添加积分,那么感觉就像我只会邀请作弊者和许多安全问题。
So my question is.所以我的问题是。 How do I prevent cheaters by maybe creating a button and then hooking that up with a Function in my
Controller
so I can deal with it server sided.我如何通过创建一个按钮然后将它与我的
Controller
一个函数连接起来来防止作弊,这样我就可以在服务器端处理它。
<body>
<h1>Playground</h1>
<h1>Points @Model.Coins</h1>
<h1 id="Points">0</h1>
<button id="PointsButton">Points!</button>
<script src="~/js/PointSystem.js"></script>
</body>
JS JS
let i = 1;
let button = document.getElementById("PointsButton");
let DisplayPoints = document.getElementById("Points").innerHTML;
DisplayPoints = i;
button.onclick = AddPoints;
function AddPoints() {
}
First, you should rethink whether you need to stop cheaters, secondly anything you send to the client is ultimately hackable.首先,您应该重新考虑是否需要阻止作弊者,其次,您发送给客户端的任何内容最终都是可破解的。
It sounds like you need something from the server that authenticates the transaction as legitimate.听起来您需要来自服务器的某些东西来验证交易是否合法。 How to do this semi-securely is really to broad of a question for this site,
如何半安全地做到这一点对于这个网站来说真的是一个很广泛的问题,
If you ignore the security concern until it's necessary, you can do this via XMLHttpRequest or fetch on newer browsers.如果您在必要时忽略安全问题,您可以通过 XMLHttpRequest 或在较新的浏览器上获取来执行此操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.