doubi8383 2013-02-17 09:19
浏览 33
已采纳

通过客户端和服务器保护命令

I am using Fancy WebSockets in Javascript to communicate with my php server for my multiplayer game.

But right now, i just send raw sockets (json) as

Sending: {"command": "login", "data": {"id" : "1575","md5" : "6bd8937a8789a3e58489c4cfd514b1a7","username": "densortekat"}} index.php:58
Sending: {"command": "inroom"} index.php:58
Reciveing: {"command": "roombg","data" : "shop.png"} index.php:83
Reciveing: {"command" : "NEWUSER","data" : { "username" : "densortekat","seat_id" : "29","room_id" : "9"}} index.php:83
Sending: {"command" : "move", "data" : { "seat_id" : "53"}} index.php:58
Reciveing: {"command": "move", "data" : {"username" : "densortekat", "seat_id" : "53"}} index.php:83
Sending: {"command": "request_trade", "data" : "densortekat"} index.php:58
Reciveing: {"command":"trade", "data": {"username":"densortekat"}} index.php:83
Sending: {"command":"ping"}

My question is, how can i from javascript till PHP and the same way PHP->Javascript encrypt the data, so other cannot see what's going on?

  • 写回答

2条回答 默认 最新

  • doulv8162 2013-02-17 09:45
    关注

    You can't be sure javascript is activated on the client side, but te real problem is, you have no way to know the data you send & receive to the client from the server is dealt with by javascript and not by the user.

    I, as a malicious user, can send you data like the one above that I forged myself rather than data that was computed by your js code. There is no way to receive data from a client with any certificate saying "this data was generated by a trusted js VM and not forged/manipulated by a user".

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 java 操作 elasticsearch 8.1 实现 索引的重建
  • ¥15 数据可视化Python
  • ¥15 要给毕业设计添加扫码登录的功能!!有偿
  • ¥15 kafka 分区副本增加会导致消息丢失或者不可用吗?
  • ¥15 微信公众号自制会员卡没有收款渠道啊
  • ¥15 stable diffusion
  • ¥100 Jenkins自动化部署—悬赏100元
  • ¥15 关于#python#的问题:求帮写python代码
  • ¥20 MATLAB画图图形出现上下震荡的线条
  • ¥15 关于#windows#的问题:怎么用WIN 11系统的电脑 克隆WIN NT3.51-4.0系统的硬盘