Security aspects

Clients can't be trusted

To be upfront, hackers can re-engineer any client. So if You have a game which is running purely on a client only, any score being submitted from a client can be faked.

We have taken actions in oder to minimise possible fraud, but when the code is running only on a client there is no way to fully trust anyone. That is different to if You run the game on a server. In that case the score is generated there and cannot be compromised (unless You hacl into the server ofcourse).

In any case the security measures we have taken are the following:

• Scores can only be submitted by registered users
• Each submission needs to be waged
• Sequential state machine for score submission
• Blacklisting mechanism for potential offenders
• Whitelisting check for submission

Servers can be trusted

Thinks are different when You have a server implementation of a gave with a JS front end. Then You can ensure that the submission of the score calculation and submission happens from the server side and tampering is not possible