Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re^6: A question about web service security

by PerlOnTheWay (Monk)
on Aug 05, 2011 at 16:43 UTC ( [id://918824]=note: print w/replies, xml ) Need Help??


in reply to Re^5: A question about web service security
in thread A question about web service security

I doubt there's a single web game(with lots of mouth movement/clicks) that doesn't put anything on the client.
  • Comment on Re^6: A question about web service security

Replies are listed 'Best First'.
Re^7: A question about web service security
by Anonymous Monk on Aug 05, 2011 at 23:41 UTC

    fullermd is exactly right about your problem. As long as you trust the client you you have a security hole. This is not unique to web games.

    The issue about it coming your page is irrelevant: when it's MY browser, it is trivial for me to to inject my javascript in YOUR page (I do this routinely). What you really want to do is detect if they're running ONLY your javascript and you can't do that remotely. Heck, I'll just call your function to gimme_refos() and have the high score in no time.

    I suspect that most "web games with lots of mouse clicks" don't worry about site wide high score tables for exactly this reason.

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://918824]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others avoiding work at the Monastery: (5)
As of 2024-04-25 23:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found