|
|
|
|
|
|
by mannix
4697 days ago
|
|
|
No, but you can make it much more difficult by passing something like a frame of the game state, where some variables (like Timer) are passed in plaintext, and others (which are calculated in an aggregate way at runtime, e.g. can't be easily guessed) are hashed for double checking by the server. Of course double-submission is still an issue, but nonces and server-side duration checks should help you here as well. Compress the &*!# out of your source and.. it will at least take an attacker a lot of time to break. afaict (would loved to be proven wrong here) Firebase gives you basic protection but any script kiddie will still be able to defeat it. Edit: grammar |
|
|