doubi8383 2013-02-17 09:19
浏览 33
已采纳

通过客户端和服务器保护命令

I am using Fancy WebSockets in Javascript to communicate with my php server for my multiplayer game.

But right now, i just send raw sockets (json) as

Sending: {"command": "login", "data": {"id" : "1575","md5" : "6bd8937a8789a3e58489c4cfd514b1a7","username": "densortekat"}} index.php:58
Sending: {"command": "inroom"} index.php:58
Reciveing: {"command": "roombg","data" : "shop.png"} index.php:83
Reciveing: {"command" : "NEWUSER","data" : { "username" : "densortekat","seat_id" : "29","room_id" : "9"}} index.php:83
Sending: {"command" : "move", "data" : { "seat_id" : "53"}} index.php:58
Reciveing: {"command": "move", "data" : {"username" : "densortekat", "seat_id" : "53"}} index.php:83
Sending: {"command": "request_trade", "data" : "densortekat"} index.php:58
Reciveing: {"command":"trade", "data": {"username":"densortekat"}} index.php:83
Sending: {"command":"ping"}

My question is, how can i from javascript till PHP and the same way PHP->Javascript encrypt the data, so other cannot see what's going on?

  • 写回答

2条回答 默认 最新

  • doulv8162 2013-02-17 09:45
    关注

    You can't be sure javascript is activated on the client side, but te real problem is, you have no way to know the data you send & receive to the client from the server is dealt with by javascript and not by the user.

    I, as a malicious user, can send you data like the one above that I forged myself rather than data that was computed by your js code. There is no way to receive data from a client with any certificate saying "this data was generated by a trusted js VM and not forged/manipulated by a user".

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 对于这个问题的解释说明
  • ¥200 询问:python实现大地主题正反算的程序设计,有偿
  • ¥15 smptlib使用465端口发送邮件失败
  • ¥200 总是报错,能帮助用python实现程序实现高斯正反算吗?有偿
  • ¥15 对于squad数据集的基于bert模型的微调
  • ¥15 为什么我运行这个网络会出现以下报错?CRNN神经网络
  • ¥20 steam下载游戏占用内存
  • ¥15 CST保存项目时失败
  • ¥20 java在应用程序里获取不到扬声器设备
  • ¥15 echarts动画效果的问题,请帮我添加一个动画。不要机器人回答。