Server side anti cheat methods for simple slot machine game

Hello all,
I'm new to this forum as a user who posts questions.
So I have a simple slot machine game that uses simple HTTP POST methods to update the server (Netty).
Now I'm at the stage of securing the game, so an evil user will have a hard time hacking it and getting the system cheated.
I know it's a big subject, and I want to learn some basic model to implement in the server to try to prevent some fraud.
Where should I start?
Thanks

Sorry about the spelling.
I meant system anti cheated.

To make it secure, so that the user cannot hit the jackpot each time they hack it, make the spins calculated server side instead of on the client; then the client has no direct control of what they get.

Yes, as I wrote in the question, I do know the concept of "never trust the client", but what I really want to know is
which patterns of models of protection I should use; I don't want to reinvent the wheel.
For example, calculating the spin on the server: how should that work?
(I'm not asking for code, just direction.)

Hmm, the patterns of what now? Spinning calculations? :V

Client says “I want to spin the wheel”
Server calculates with Math.random() and sends back the result.

As opposed to the client calculating the result. :o

That means I need to keep the connection open and send a trigger back to the client with the results.
What if I have a timer that starts on the client; should I start calculating it on the server also?
Is there any danger if I keep an open connection to the server all the time and do updates?
Are WebSockets a good solution?

The question of the connection being open or not doesn’t matter. You’re going to need to have the connection open at the very latest when you want to send a response from the server to the client.

Hmm. I thought I could decipher your post but I’m lost tbh.

If you’re using HTTP, you should know HTTP is a stateless protocol. Revolving largely on POST and GET. http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol

Why don’t you have the clients send a GET message and have the server send them the calculated result in the response?

What it all boils down to is not letting the Clients alter the server in any way. They can request information but not alter it.
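
The request/response pattern discussed in this thread, as an added example that is not code from any poster: the client sends only a bet, and the server holds the balance, draws the reels, and computes the payout. All class, method and symbol names and the payout values are hypothetical; `SecureRandom` is used here in place of the `Math.random()` mentioned above, and the player id is assumed to come from an authenticated session.

```java
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: server-authoritative spin. All names and values are hypothetical.
public class SpinService {
    private static final String[] SYMBOLS = {"CHERRY", "LEMON", "BELL", "SEVEN"};
    private static final int[] TRIPLE_PAYOUT = {2, 3, 10, 50}; // multiplier per symbol (constructed)
    private static final int MAX_BET = 100;

    private final SecureRandom rng = new SecureRandom(); // CSPRNG, not Math.random()
    private final Map<String, Long> balances = new ConcurrentHashMap<>(); // server-held state

    public record SpinResult(String[] reels, long win, long balance) {}

    public void deposit(String playerId, long amount) {
        balances.merge(playerId, amount, Long::sum);
    }

    // The request carries only the player and the bet; reels, win and balance are computed here.
    // playerId is assumed to come from the authenticated session, never from the request body.
    public synchronized SpinResult spin(String playerId, int bet) {
        long balance = balances.getOrDefault(playerId, 0L);
        if (bet <= 0 || bet > MAX_BET || bet > balance) {
            throw new IllegalArgumentException("bet rejected");
        }
        int[] idx = new int[3];
        String[] reels = new String[3];
        for (int i = 0; i < 3; i++) {
            idx[i] = rng.nextInt(SYMBOLS.length);
            reels[i] = SYMBOLS[idx[i]];
        }
        boolean triple = idx[0] == idx[1] && idx[1] == idx[2];
        long win = triple ? (long) bet * TRIPLE_PAYOUT[idx[0]] : 0;
        balance = balance - bet + win; // debit and credit happen only on the server
        balances.put(playerId, balance);
        return new SpinResult(reels, win, balance);
    }

    public static void main(String[] args) {
        SpinService svc = new SpinService();
        svc.deposit("player-1", 50); // constructed sample player
        SpinResult r = svc.spin("player-1", 10);
        System.out.println(String.join(" ", r.reels()) + " win=" + r.win() + " balance=" + r.balance());
        try {
            svc.spin("player-1", 1_000); // bet above the limit and the server-held balance
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The client only animates the reels it receives in the response; nothing it sends can set the outcome, the win amount or the balance.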