Prevent Cheating In Rails/html5 Game App (Rails 3.2/html5/javascript)
Solution 1:
In addition to using post as mentioned in the answer from palainum above, if needed, you could add a string (instead of an ID) in any place in your game where the URL could be edited and is visible.
Background - I had a similar problem in one of my apps (where if a URL was changed people could deduce / edit the number and cheat). The way I overcame it was to generate a unique code for the item in the URL.
To do this, I would add a string attribute to Winning model called url_code, make it required and indexable:
add_column :winnings, :url_code, :string, :null => false
add_index :winnings, :url_code, :unique => true
In your model add an after_initialize callback:
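class Winning < ActiveRecord::Base
  validates :url_code, :uniqueness => true
  after_initialize :create_url_code

  # Assign a random code (4 random bytes, 8 hex characters) if none is set yet
  def create_url_code
    self.url_code = SecureRandom.hex(4) if self.url_code.nil?
  end
end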
And use that as a parameter in the cases where using an ID is a problem (similar to this in your controller)...
@winning = Winning.find_by_url_code(params[:id])
Also, you could do the same thing for your user's URL (or if you need to display it every in URL) by using the user.name as a friendly_id.
edit - just fixed a typo where I had offer_code instead of url_code.
Solution 2:
There are at least two things you can do now:
- Send POST request - it will be still possible to cheat, but it will require more work
- Create a model Win - and create object of this class after winning a game. Then after making request (point 1) you can check if this object exists.
EDIT:
Sorry, you already mentioned Winning class. Just create object of this class after winning a game, then check if a user won a game (if the table contains a record with the user and the game).
You should also store shots of a user in a game and use unique validation to disallow for example shooting twice in one game.
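The server-side checks suggested in the two answers, combined in one added plain-Ruby example (not code from either answer or from the asker's app): one shot per user per game, a winning record created only on the server, and a claim looked up by a random url_code and tied to the logged-in user. GameLedger, shoot, claim and DuplicateShot are hypothetical names; a Set and a Hash stand in for the database tables, the `won` flag is assumed to come from server-side game logic, and the code uses 16 random bytes rather than the 4 shown in Solution 1.

```ruby
require 'securerandom'
require 'set'

# Constructed in-memory stand-in for two tables: shots (unique index on
# user + game) and winnings (looked up by an unguessable url_code).
class GameLedger
  DuplicateShot = Class.new(StandardError)

  def initialize
    @shots = Set.new   # plays the role of a unique index on [user_id, game_id]
    @winnings = {}     # url_code => { user_id:, game_id:, claimed: }
  end

  # Record one shot per user per game. `won` is assumed to be decided by
  # server-side game logic, never taken from a request parameter.
  # Returns the winning's url_code, or nil when the shot lost.
  def shoot(user_id, game_id, won)
    raise DuplicateShot, 'already shot in this game' unless @shots.add?([user_id, game_id])
    return nil unless won

    code = SecureRandom.hex(16)
    code = SecureRandom.hex(16) while @winnings.key?(code) # retry on collision
    @winnings[code] = { user_id: user_id, game_id: game_id, claimed: false }
    code
  end

  # Handle a claim request: the record must exist, belong to the logged-in
  # user, and not have been claimed before.
  def claim(current_user_id, url_code)
    winning = @winnings[url_code]
    return :not_found if winning.nil?
    return :forbidden unless winning[:user_id] == current_user_id
    return :already_claimed if winning[:claimed]

    winning[:claimed] = true
    :ok
  end
end
```

In a Rails app the same guarantees would come from a unique database index on the shots table and a lookup scoped to the current user, so that editing the URL or replaying the request yields nothing.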