This is one of my concerns with HTML 5
-
It is not an issue with HTML5 at all. Any application is hackable if the user figures out the data format for "sensitive data". Had Angry Birds saved the data on the server, it would have been more difficult to hack the application. The problem has nothing to do with HTML5.
Rama Krishna Vavilala wrote:
It is not an issue with HTML5 at all. Any application is hackable if the user figures out the data format for "sensitive data".
Exactly. You should never use HTML5 local storage for 'sensitive data'! Then again, it seems they changed it. If you look at the comments for the article, the ones posted 2 months ago say the hack 'worked great!', while the ones from 1 month ago say the hack 'doesn't work!'.
-
If you go full on JavaScript, local storage, and HTML5 for a full application then yes, you have failed, should be banned from keyboards and maybe even old yellered. Unless.... you sold 10 million copies of the application before someone caught on and the only downside is people get to unlock all levels. You do bring a valid point though: while an average developer knows the dangers, as people look for cheaper, quicker ways to turn a buck, HTML5 and JavaScript will start to replace tried and true technologies. HTML5 opens a wonderful world of being able to do things in the browser much easier, but it has its security and privacy issues. Not to mention, as you point out, steal ability. Had a friend write a wonderful web application, using HTML5, jQuery, and jq-grid. When done I copied it down, used find and replace, and about 10 minutes later had "my version" up and running no problem. He was a little upset that I could steal his work so quickly. So no, Silverlight, WPF, and .NET aren't going anywhere, they're just getting some new tool sets to help them deliver a better final result with less "html hacking required". Not to mention they provide things HTML5 can't and won't provide for years to come. As far as your concern, I worry mostly about bad programmers using a copy and paste method without understanding it and causing their customers lots of grief. It doesn't take much to hack into local storage of HTML5, so its use should really be, eh, a better replacement for cookies? To store things like site preferences, etc. It shouldn't be used for much else, just too risky.
-
If you ask me, HTML should be used for what it was originally designed to do: format text and images on a web page.
See if you can crack this: b749f6c269a746243debc6488046e33f
So far, no one seems to have cracked this! The unofficial awesome history of Code Project's Bob! "People demand freedom of speech to make up for the freedom of thought which they avoid."
Lloyd Atkinson wrote:
If you ask me, HTML should be used for what it was originally designed to do: format text and images on a web page.
Yep. :thumbsup:
XAlan Burkhart
-
The fact that they manipulated the code in HTML5's localStorage is not the issue at all. In fact, before online games, all software configs were stored on the local drive. That's how people have been hacking into games and unlocking password protection for years. HTML5 didn't make this type of "attack" something new, it's been around since the beginning of computers. HTML5 just gave a new publishing platform for developers to shoot themselves in the foot. It's the developers' fault that they made this accessible on the local machine and didn't secure it in any fashion. It would be as if Microsoft had a config file for Office on the local machine and you only had to change a few lines to unlock it for free. What they should have done is stored the sensitive data on the server or encrypted/protected the sensitive data in the local storage.
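The "protected" option from the post above, sketched as an added example that is not part of the original thread: a Node.js server tags the progress record with an HMAC, and a value edited in localStorage fails verification when it comes back. The names `issueProgress`, `verifyProgress`, `SERVER_KEY` and the `Map` standing in for localStorage are hypothetical, and the key is assumed to live only on the server.

```javascript
const crypto = require('crypto');

// Assumption: this key exists only on the server and never ships in client JS.
const SERVER_KEY = crypto.randomBytes(32); // constructed for the demo

// Server side: tag the progress record with HMAC-SHA256, bound to one player.
function issueProgress(playerId, progress) {
  const payload = JSON.stringify({ playerId, progress });
  const tag = crypto.createHmac('sha256', SERVER_KEY).update(payload).digest('hex');
  return JSON.stringify({ payload, tag }); // the string the client stores
}

// Server side: return the progress only if the tag and the player both match.
function verifyProgress(playerId, stored) {
  let blob;
  try { blob = JSON.parse(stored); } catch { return null; }
  if (typeof blob?.payload !== 'string' || typeof blob?.tag !== 'string') return null;
  const expected = crypto.createHmac('sha256', SERVER_KEY).update(blob.payload).digest();
  const given = Buffer.from(blob.tag, 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const record = JSON.parse(blob.payload);
  return record.playerId === playerId ? record.progress : null;
}

// Constructed stand-in for the browser's localStorage.
const fakeLocalStorage = new Map();

function demo() {
  fakeLocalStorage.set('progress', issueProgress('alice', { unlockedLevel: 3 }));
  const honest = verifyProgress('alice', fakeLocalStorage.get('progress'));

  // The stored value is edited on the client: level 3 becomes level 99.
  const blob = JSON.parse(fakeLocalStorage.get('progress'));
  blob.payload = blob.payload.replace('"unlockedLevel":3', '"unlockedLevel":99');
  const tampered = verifyProgress('alice', JSON.stringify(blob));

  // A valid blob issued to one player is presented under another player's id.
  const borrowed = verifyProgress('bob', fakeLocalStorage.get('progress'));
  return { honest, tampered, borrowed };
}

console.log(demo());
```

The tag only proves the server issued the record; the same player can still replay an older valid blob, so state that matters is better kept on the server.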
-
If I play solitaire with a physical deck of cards, I can easily cheat. I can turn over the stack anytime that I want. If I play solitaire with XP, I can't. Does it matter? If I do some simple bookkeeping with Excel, I can change old numbers with no audit trail. If the audit trail is important, then the requirements might dictate a full enterprise or at least secure accounting package. Do we really care if a game allows cheating? Of course many applications require security, but some applications are just tools and don't have much of a security requirement.
-
Keith Barrow wrote:
Might as well say a door lock is useless because you keep the key under a flowerpot next to your do
I would never do anything like that. I put it on top of the door frame where no-one would think to look. Obviously with Angry Birds, someone went stupid and decided everything should happen on the client.
The 3-legged stool of understanding is held up by history, languages, and mathematics. Equipped with these three you can learn anything you want to learn. But if you lack any one of them you are just another ignorant peasant with dung on your boots. R. A. H.
-
Isn't this the free version anyway? Why bother paying for services to track scores and levels if it won't generate revenue?
Psychosis at 10 Film at 11
BrainiacV wrote:
Why bother paying for services to track scores and levels if it won't generate revenue?
Services?
-
As I said, it's always impossible until someone does it. I suggest to you that we should simply disagree and let this go. Obviously I have higher standards for what constitutes good game design than you do and there's the end of it.
Just so you know, at least one more person sides with David in this disagreement. Judging by the votes you got, I'd say more than one. You may be right, someone maybe could obfuscate data locally that can't be hacked. I wouldn't pay anyone to try going down that path on my watch. (You are putting up a bulletin board saying it is impossible to hack "this". Someone is sure to put in the effort to prove you wrong.)
-
Isn't the point of HTML to publish data, not protect it? Is there something in 5 that promises more? Sometimes you get help from unexpected sources. I was charged with designing a secure source of data and looked into separating the sources into separate XML segment files and including only the files the user is authorized to see. I was concerned that the only protection to the sources was obfuscating the member names of the files because my initial view of straight XML parsed into HTML showed the XML needed to do it and I was afraid they could guess the other file names. Imagine my surprise when I ran the cgi that produced the same XML and viewed the source that it was HTML. That obviously didn't come from the secure portal which had no problem displaying XML source lines from the file. The cgi wasn't designed to know what you are doing and parse XML into HTML. I was left to conclude that IE determined the source was a cgi and provided the conversion. The project was dropped because the sources I had available weren't discrete enough to prevent someone authorized to view one thing from viewing everything from that source, my proposed solution wouldn't be used, and no other option was presented.
-
KP Lee wrote:
Judging by the votes you got, I'd say more than one.
If there's one thing I don't worry about, it's my popularity. If you don't like what I say, argue with me or KMA. If it gives someone a thrill up their leg to vote me a one - why the frack should I change what I have to say?
KP Lee wrote:
You are putting up a bulletin board saying it is impossible to hack "this"
You seem to have trouble reading. Even David finally got the fact that I wanted the game to be easier to win by playing than by hacking. One of the favorite excuses of the incompetent is to use the perfect to avoid trying for the good. Sure there are people who when told they can have it good, they can have it cheap and they can have it fast - as long as they pick two, choose fast and cheap. Me? I don't work with people who embrace mediocrity.