1

I use localstorage to store things like highscore in this game: http://wacky2048.ga/

If you inspect element and on the top navigation bar (where you see Elements ... Performance), then click the >> button, click Application, you can see all the localstorage items, and if you double click, you can change it. You may need to make a move and refresh.

A lot of people know this trick so the highscore becomes meaningless.

Is there any way to stop this? I store integers and JSON stringified things (in case you want to suggest a encoding method).

Jason C.
  • 11
  • 1
  • 3
  • 4
    there is no way, and even encoding in the client would be useless – Jaromanda X Oct 10 '18 at 05:10
  • 5
    Once the information is stored in the client, it's always editable. With that strategy, users to cheat in your game is inevitable. Use other strategy instead, for example storing the data in the server, and validate each action user performs. – choz Oct 10 '18 at 05:12
  • So, if you are using the local storage, which is editable. You can encrypt the high score and store it in the local storage, and decrypt when displaying, so users cannot edit the value. – chintuyadavsara Oct 10 '18 at 05:27
  • 1
    @ChintuYadavSara if this encryption algorithm is on the client, what exactly would prevent me from using this algorithm to encode my own "highscore"? Or maybe just set a breakpoint at the start of the encoding method and change the value that is encoded? See the first two comments. – Thomas Oct 10 '18 at 05:52

1 Answers1

1

The better solution would be store the data in the server. But if you really want to use localstorage consider storing the JSON as a jwt token and encrypt it using a private key which user doesn't have access. Also when your app access that data in the localstorage always check for validity. If the token is invalid, what you can do is re fetch the information from the server.

Like i said before this is more of a dumb approach. Storing data in the server would be a better solution.

Edit: To hide the private key you could use environment variables like NODE_ENV (this depends on the framework you are using)

Nimesha Kalinga
  • 262
  • 4
  • 17