堆栈内存溢出
  简体   繁体   English

检测用户何时在浏览器中执行JavaScript

[英]Detecting when a user executes JavaScript in the browser

 原文  2019-03-29 19:10:10       javascript/ browser/ console/ developer-console

问题描述

I'm currently developing a fully-browser-based game (a la Cookie Clicker ) and I'm trying to minimize the possibility of users exploiting the visible JavaScript to cheat their game saves. 我目前正在开发一个基于浏览器的游戏(一种Cookie Clicker ),并且正在尝试最大程度地降低用户利用可见的JavaScript欺骗他们的游戏存档的可能性。 For the sake of explanation, let's look at a hypothetical function; 为了说明起见,让我们看一个假设的函数。 

let user = {
    money: 0
};

function addMoney(amount) {
    user.money += amount;
}

If this were a real function in my game, any user could simply pop open the developer console, type addMoney(1e100) , and instantly ruin any possibility of competitiveness among my potential player-base. 如果这是我的游戏中真正的功能,那么任何用户都可以简单地打开开发人员控制台,键入addMoney(1e100) ,立即破坏潜在玩家群体的竞争力。

I'd like to know if there's any way to disable external JavaScript input (be it through the developer console or through the use of javascript:() injections within the address bar) and if such a thing doesn't exist, is it at least possible to detect external JavaScript as opposed to JavaScript that was executed internally by the site itself? 我想知道是否有任何方法可以禁用外部JavaScript输入(通过开发人员控制台还是通过地址栏中的javascript:()注入使用),如果不存在这种情况,是否在与网站本身内部执行的JavaScript相对,最不可能检测到外部JavaScript?

2 个解决方案

解决方案1
 1 已采纳  2019-03-30 07:26:23

Say no more: 别说了:

If a 'cheater' is sufficiently determined (and skilled), you won't stop them, but obfuscating/minfying the code will make it much more difficult and deter the vast majority of them - certainly the casual ones. 如果一个“骗子”被充分确定(并且熟练),您就不会停下来,但是使代码模糊不清将使其变得更加困难,并阻止了其中的绝大多数-当然是随意的。 There are many available tools for doing that, and it is very easy to do.. 有许多可用的工具可以做到这一点,而且非常容易做到。

This is a very good one to use: 这是一个非常好的用法:
https://developers.google.com/closure/compiler/ https://developers.google.com/closure/compiler/

解决方案2
 1  2019-04-05 08:57:30

Besides the obfuscation options mentioned here, there are also JavaScript security tools like Jscrambler that break the code when any tampering attempt is detected. 除了此处提到的混淆选项之外,还有Jscrambler之类的JavaScript安全工具会在检测到任何篡改尝试时破坏代码。 They have an example that's identical to what you described. 他们有一个与您描述的示例相同的示例

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 检测用户浏览器是否关闭浏览器 - Detecting if the user browser closes the browser Chrome扩展程序/ Javascript检测Chrome浏览器中的用户语言 - Chrome Extension /Javascript- detecting user language in Chrome Browser Javascript - 检测浏览器版本 - Javascript - detecting browser version 使用浏览器和JavaScript检测GPU - Detecting the GPU with a browser and javascript 用户浏览器检测php中的信息 - user browser detecting information in php 检测浏览器窗口是否随JavaScript移动? - Detecting if the browser window is moved with JavaScript? 使用JavaScript RegExp检测特定的浏览器 - Detecting specific browser with JavaScript RegExp 通过Javascript检测浏览器插件 - Detecting Browser Plugin via Javascript 用 JavaScript 检测浏览器的在线状态 - Detecting online status of the browser in JavaScript 浏览器如何执行Javascript并异步呈现 - How browser executes Javascript and renders asynchronously
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM