This is one of my concerns with HTML 5
-
Okay, but doesn't it happen with HTML4 already? :)
Take a look at Html5 Snooker Club here in The Code Project.
-
Yes but the way Microsoft is promoting HTML 5 is making clients make a shift from Silverlight to HTML5 even for LOB applications. It's not that Silverlight can't be hacked but it's not this easy.
-
If you ask me, HTML should be used for what it was originally designed to do: format text and images on a web page.
See if you can crack this: b749f6c269a746243debc6488046e33f
So far, no one seems to have cracked this! The unofficial awesome history of Code Project's Bob! "People demand freedom of speech to make up for the freedom of thought which they avoid."
-
It is not an issue with HTML5 at all. Any application is hackable if the user figures out the data format for "sensitive data". Had Angry birds saved the data on the server, it would have been more difficult to hack the application. The problem has nothing to do with HTML5.
-
I don't think Microsoft is asking people to abandon Silverlight and move to HTML5. They're spending millions, maybe billions of dollars on Silverlight. I see HTML5 more like a new tool on the development box. Anyway, sensitive data/code should be always on the server side, not on the client side. This will apply to HTML5 too.
-
Except of course it was the fault of whoever decided to store the game level in LocalStorage, not the fault of the technology. Might as well say a door lock is useless because you keep the key under a flowerpot next to your door. That reminds me, I just need to get something from the garden....
Sort of a cross between Lawrence of Arabia and Dilbert.
-Or-
A Dead ringer for Kate Winslett
-
Keith Barrow wrote:
Might as well say a door lock is useless because you keep the key under a flowerpot next to your do
I would never do anything like that. I put it on top of the door frame where no-one would think to look. Obviously with Angry Birds, someone went stupid and decided everything should happen on the client.
The 3-legged stool of understanding is held up by history, languages, and mathematics. Equipped with these three you can learn anything you want to learn. But if you lack any one of them you are just another ignorant peasant with dung on your boots. R. A. H.
-
What makes this concern specific to HTML5, in particular?
--Greg
-
It's a game; it's not like there are profound consequences if security is violated.
Software Zen:
delete this;
-
Or they thought it wasn't a big deal. Because, you know, it isn't. People can unlock all levels .. The End Is Nigh!
If you are designing a game, you design the best game you can. If you design a game that can be cracked easily and quickly, you fail, big time.
-
Are you suggesting that it's okay to do second rate work unless there are profound consequences for violations? My guess is that the guy who built the app demonstrates a profound misunderstanding of how any app that is supposed to maintain data that cannot be changed by the user should work. If he can't do it with "Angry Birds," I sure as heck don't want him building anything where there are profound consequences.
-
Cost vs value - making it a thin-client game would have made it hard to hack, but then they'd need more time to make it, they'd need to run servers etc, and for what? Just so people can't do a hack that would have had the global consequences comparable to those of a squashed bug?
-
Oakman wrote:
Are you suggesting that it's okay to do second rate work unless there are profound consequences for violations?
Not at all. I'm pointing out that the costs associated with the issue (maintaining server-side storage of the information) might outweigh the benefits (keeping players from accessing levels in a game). If you're charging users for other levels, and the 'cheat' interferes with your revenue stream, then there would be a genuine benefit here to securing level access. If the game is simply a come-on for other things, and not important in and of itself, then it's sort of a 'meh'.
-
David1987 wrote:
making it a thin-client game would have made it hard to hack
If you can't do it right, don't do it. Second-rate is second-rate.
-
Apparently, the only answer anyone can come up with to protecting the information is to store it on a server. Wow.
-
No I really disagree - have you never had to work with a budget? There is nothing inherently "right" about making a non-ranked single player unhackable, it's just a waste of time and therefore money to do it. It would be like storing the settings & preferences of MS Word in the Cloud because they shouldn't be "hacked".
-
It is the only answer, although you can't even send it there (it would get wiresharked), you have to generate it right on the server. If it is stored on the client, it can not be encrypted. You can pretend you encrypt it, but you would really be obfuscating it since the client has the program that can decrypt it (it had better, or otherwise you just made a block of useless garbled data).
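-
The point the thread converges on (progress generated and checked on the server, with the browser holding only a copy) is shown below as an added example that is not part of any post above. The function names, `SERVER_KEY` and the sample player are hypothetical, and the token layout is one possible design rather than anything the game used.

```javascript
// Added example, not code from the thread. issueProgress, verifyProgress and
// SERVER_KEY are hypothetical names; all values are constructed for the demo.
const crypto = require('node:crypto');

// Known only to the server. If this key shipped in the client script, the
// "protection" would be obfuscation, as the last post in the thread says.
const SERVER_KEY = crypto.randomBytes(32);

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const unb64 = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
const mac = (payload) =>
  crypto.createHmac('sha256', SERVER_KEY).update(payload).digest();

// Server: generate the progress record and sign it before handing it out.
function issueProgress(userId, maxLevel) {
  const payload = b64({ userId, maxLevel });
  return `${payload}.${mac(payload).toString('base64url')}`;
}

// Server: returns the record if the tag verifies and belongs to userId,
// otherwise null. The client's copy is never trusted on its own.
function verifyProgress(token, userId) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 2) return null;
  const given = Buffer.from(parts[1], 'base64url');
  const expected = mac(parts[0]);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    const record = unb64(parts[0]);
    return record.userId === userId ? record : null;
  } catch {
    return null;
  }
}

// What editing the value in localStorage amounts to: the payload changes,
// but the only tag available is the one issued for the old payload.
function editStoredLevel(token, maxLevel) {
  const [payload, tag] = token.split('.');
  return `${b64({ ...unb64(payload), maxLevel })}.${tag}`;
}

const stored = issueProgress('player-1', 3); // the value the browser would keep
console.log(verifyProgress(stored, 'player-1'));                      // maxLevel 3
console.log(verifyProgress(editStoredLevel(stored, 99), 'player-1')); // null
```

A valid tag only proves the server issued that record, so an older valid token can still be replayed unless the server also tracks current state. The check also only matters when the server gates something; a purely offline game has nothing to verify against, which is the cost-versus-value argument made earlier in the thread.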