+ 2

API Security System "Snake || API Scoreboard | EN, DE, FR, ES || V1.2"

Hello Community, I am currently working on a project where user scores are stored via an API on a server. The project is called "Snake || API Scoreboard | EN, DE, FR, ES || V1.2". However, since the source code is open source, there is a risk that users could manipulate the scores to illegitimately achieve the high score. One possible solution would be to execute the entire score calculation logic server-side. This would mean sending the position of the items and the player's movements to the API, and calculating the score on the server. However, this method results in a very high number of requests to my Laravel API in a short period of time, which could severely impact system performance. What other options are there to prevent score manipulation without overloading the API with too many requests?

laravelgame-developmentapi-optimizationapi-securityhigh-score-protectionmanipulation-preventionopen-source-securityreal-time-calculationsscoring-systemserver-client-communication
8th Oct 2024, 11:58 AM
LassBattlen
LassBattlen - avatar
3 Respostas
+ 2
you can check if the new score being sent to the server is "impossible" the pseudo code is not perfect, just an example if you check every time the user scores (let's assume an apple is 1 point): if currentScore + 1 != newScore then there has been manipulation if you check when the game is over (this may be a little less accurate, but not a problem with a snake game). - 2 would be the starting length with score 0, for example. expectedScore = snake.length - 2 if expectedScore < overallScore then there has been manipulation
8th Oct 2024, 2:08 PM
「HAPPY TO HELP」
「HAPPY TO HELP」 - avatar
+ 1
I will try to implement it once I get home. Thank you for your valuable advice.
8th Oct 2024, 2:20 PM
LassBattlen
LassBattlen - avatar
+ 1
I wrote a game once that had to run on the client, but I also needed security. What I did was encrypt the data to be sent to the server. Prepare an object with all the data needed to share to the server. Player name, score, date, number of kills, level, etc. Encrypt that using some secret key. Pass the encrypted object to the server. The server decrypts it and updates accordingly. As long as users cannot find out the encryption key for the data, they won't be able to hack it. For added security, the server can generate the encryption key for a given session when the game starts. Each time the user launches a game, they get a new key. The server provides it so it's always unique. It is still technically hackable, but at least it's not a hard-coded key.
8th Oct 2024, 2:34 PM
Jerry Hobby
Jerry Hobby - avatar

Costuma ter perguntas como essa?

Aprenda de maneira mais eficiente, de graça:

Ver todos os cursos
Quente hoje
How to dynamically get data from my GitHub account
1 Votes
How to take React course in SoloLearn?
1 Votes
are yall ai
0 Votes
What's the error in this program ?
3 Votes
C language running problem
0 Votes
Help me plz
1 Votes
Time Complexity
0 Votes
Swapping two numbers in c programming
0 Votes
API Security System "Snake || API Scoreboard | EN, DE, FR, ES || V1.2"
2 Votes
Php
2 Votes