current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Sign up ×
Game Development Stack Exchange is a question and answer site for professional and independent game developers. It's 100% free, no registration required.
up vote 2 down vote favorite

I have made a Javascript/html game. Now the problem I have is anyone can edit the client code and cheat in game for example there is a man shooting a enemy.

Man HP - 100 ENEMY HP - 50.

Now if someone changes the hp attribute to a very high value then he becomes literally immortal making the game easy. Now how can I prevent this type of thing ?

share|improve this question
    
Phillips answer is good but I wanted to add that ALL game clients have the same issue you do. You can modify the executable of any game in an attempt to cheat. You might find some good techniques by asking about or looking into how to help thwart cheating in games in general. – Alan Wolfe 3 hours ago
up vote 13 down vote

You can't.

Javascript is executed on the users machine. Whatever is executed on the client side can be manipulated by the client. All mainstream web browsers come with powerful debugging tools out-of-the-box which allow users to influence Javascript code even more than with the console. So the user doesn't even need any special software tools like they would for cheating in games implemented as binary executables.

You could try to minify and obfuscate your code beyond recognition (there are tools for that which you can integrate into your deployment script), but a determined hacker can still find out where you are hiding the important data. So you might slow them down, but you can not stop them.

The only way to prevent cheating in a web-based game is to implement all important game mechanics on a server where it is out of reach for the user.

But keep in mind that when your game has no multiplayer component or global leaderboards, then it is questionable if any work invested in preventing cheating is really providing any benefit. Cheaters can only hurt their own game experience while the honest players who want to play the game as designed won't be affected at all. Allowing a bit of cheating can even enhance the game experience because it allows players to experience the game in a different way. There is a reason many game developers intentionally add cheat codes or developer consoles to their games.

share|improve this answer
    
But it's too much pressure on server isn't it? Real-time it's gonna be hard – Ohmyholy 4 hours ago
    
@Ohmyholy That really depends on what kind of game you are talking about and how much pressure you consider "too much". I have already seen real-time multiplayer games implemented as html5+server backend. – Philipp 3 hours ago
    
@Ohmyholy, one option you have is to record a log of events on the client device and upload it to the server before the server will accept a client's new save state / leaderboard entry / etc; if your game's operation is deterministic, you can actually replay the the exact inputs on the server side to validate; that way, a player can't successfully submit a score of X without a log showing how they got that score, but there's no need for the interaction to be in realtime. – Charles Duffy 2 hours ago
    
Consider also that if operation is fully deterministic, you can reproduce any buggy state the application can get into using information (that action log) that you were storing regardless [for submission to the server]. – Charles Duffy 2 hours ago
    
The deterministic sim check does help, but its still possible the replay was tampered with by the user, so it doesn't stop all types of cheating. Another thing it doesn't help with is map hacks, if you have "fog of war" which hides enemy actions (like an RTS) – Alan Wolfe 2 hours ago

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.