admin管理员组

文章数量:1336660

With all the recent hype about JavaScript and HTML5 replacing Flash, I wanted to know - How would it be possible to protect client-side js code? Of course, it is possible to obfuscate it, but that would only make it a little harder. Also, for games which submit high scores to the server, wouldn't it be incredibly easy to modify those scores before they are sent to the server? I know even Flash files can be depiled, but they can be obfuscated and flash depilation is not as easy as modifying data in JS - could be done easily using a plugin such as Firebug. I'd like to know everyone's views on this.

With all the recent hype about JavaScript and HTML5 replacing Flash, I wanted to know - How would it be possible to protect client-side js code? Of course, it is possible to obfuscate it, but that would only make it a little harder. Also, for games which submit high scores to the server, wouldn't it be incredibly easy to modify those scores before they are sent to the server? I know even Flash files can be depiled, but they can be obfuscated and flash depilation is not as easy as modifying data in JS - could be done easily using a plugin such as Firebug. I'd like to know everyone's views on this.

  • javascript
  • flash
  • html
  • obfuscation
Share Improve this question edited Jun 12, 2010 at 11:30 skaffman 404k96 gold badges824 silver badges775 bronze badges asked May 10, 2010 at 7:24 BlueSilverBlueSilver 1,0522 gold badges10 silver badges25 bronze badges
Add a ment  | 

2 Answers 2

Reset to default 8

Javascript, being parsed on the client, is never 100% safe. There will always be ways to find out what it does. A few days ago I've even seen a tool which unpacks packed javascript so the only thing you can really do is using "ugly" variable names (or actually, make a javascript packer transform your "good" variable names into short/ugly/nonsense ones)

To protect game results, you have to move some of the game logic to the server so the client cannot send arbitrary results.

Summarizing it: Don't put secrets in javascript code and don't trust anything ing from the client - no matter if it's from a form or generated/submitted via javascript.

You say that for game that sends high scores to the server it would be too easy to modify javascript and forge request?

Except for case, when you use some cryptography on the client, it is the easiest way to forge such request not even analysing the script but sending false request itself. Everything you send between server and browser can be easily viewed on puter, analysed and changed.

本文标签: flashSecurityProtecting code in JavaScriptStack Overflow

版权声明:本文标题:flash - SecurityProtecting code in JavaScript - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742421241a2471698.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。