Security aspects
Clients can't be trusted
To be upfront, hackers can re-engineer any client. So if You have a game which is running purely on a client only, any score being submitted from a client can be faked.
We have taken actions in oder to minimise possible fraud, but when the code is running only on a client there is no way to fully trust anyone. That is different to if You run the game on a server. In that case the score is generated there and cannot be compromised (unless You hacl into the server ofcourse).
In any case the security measures we have taken are the following:
- Scores can only be submitted by registered users
- Each submission needs to be waged
- Sequential state machine for score submission
- Blacklisting mechanism for potential offenders
- Whitelisting check for submission
Servers can be trusted
Thinks are different when You have a server implementation of a gave with a JS front end. Then You can ensure that the submission of the score calculation and submission happens from the server side and tampering is not possible