Hey people - I thought a cool idea would be to add a leaderboard to my game and I did so LINK.
Feel free to share your thoughts. I have used dreamlo.com, it's free and easy as F.
Wow, thanks for such a big response. I'll answer some topics from it:
1) recording movement and making a server validate it - to be honest I know nothing about server side computation or anything related to it. I am a total newbie in the multiplayer world. This leaderboard is dead simple - it just works as the simplest fetch API.
2) encrypting - actually I have a great idea. Do you think that encryption like this would work or is it easy to break by hackers? Example: every score in the database needs to have 1 on the end or otherwise it won't upload. For example, if someone scores 23, a database entry would look like this: 231.
The whole point is that the site I am using accepts 2 ints and 1 string as score parameters. Max I can send is: Username scored 10 points in 10 seconds and is awesome. That is why I can't implement a record system. I am not sure if I will have enough time to work on any kind of encryption as I do have a private life and a full-time job and I am lacking in time.
I have just implemented one mechanism which prevents using the simplest cheat engine trick. Even if you edit your in-game score and die with, for example, 999 points, the script will recalculate it and send the updated value to the database.
Why is converting to bytes and then encrypting safer if we are talking about a situation where hackers see my code? It seems like there's just no way to overcome this. Once someone sees my code, there is no safe way. Correct me if I'm wrong.
I agree with this. The threat you are facing is pretty context sensitive. Worst case here is that someone spams your Highscore with bogus data.
Is it annoying? Sure. Does it reduce the enjoyment of your game? Probably not much. Is there a threat to your players or their personal/sensitive data? Definitely not.
So worst case scenario is annoyance. Do you want it from a product you paid for? Probably not. Can you forgive it in a 48h jam game, especially if caused by a third party being an asshole on purpose? Hopefully.
So I would leave it and fix it later if the game continues to be a project after the jam.
I had a similar situation in my project. You could spam my lobby server with fake games and keep them in the server list if you emulate the heartbeat for each one. You can even manipulate the shown player count for existing games. But why would you for a jam game? So I could either have spent a portion of my 48 hours to make the lobby more secure against dedicated assholes or spend it on my game. The server doesn't store any personal data (it doesn't store IPs, only a token for the signaling server) so it can't leak any. And if someone starts spamming (again, I don't know why anyone would for a small jam game) I'll start blacklisting IPs (because I can see the logs...)
We should both remember to tighten up security after the jam though.
Hi ablaszkiewicz! How did you go about using dreamlo in itch.io? I wanted to implement it in my game but apparently itch.io does not allow me to make "HTTP requests" on "http" sites like dreamlo. It only allows them on "https". Thank you for your answer, and sorry for my written English. I am Spanish.
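
An added example, not code from any poster in this thread: it compares the "1 on the end" tag from the original post with a server-side plausibility check on the fields a score submission carries (a name, a score and a time). It assumes a server you control sits between the game and the leaderboard; the function names and the limits (2 points per second and so on) are hypothetical and would be tuned per game.

```javascript
// Added example; names and limits are assumptions, not dreamlo's API.
const LIMITS = { maxPointsPerSecond: 2, maxSeconds: 3600, maxNameLength: 16 };

// The thread's proposed check: the stored value must end in 1 (23 -> 231).
function hasSuffixTag(entry) {
  return Number.isInteger(entry) && entry > 0 && entry % 10 === 1;
}

// Drop the last digit to recover the claimed score (231 -> 23).
function stripSuffixTag(entry) {
  return Math.floor(entry / 10);
}

// Server-side plausibility check; it relies on no secret held by the client.
function validateSubmission({ name, score, seconds }, limits = LIMITS) {
  const errors = [];
  if (typeof name !== "string" || !/^[A-Za-z0-9_ ]+$/.test(name) ||
      name.length > limits.maxNameLength) {
    errors.push("bad name");
  }
  if (!Number.isInteger(score) || score < 0) errors.push("bad score");
  if (!Number.isInteger(seconds) || seconds <= 0 || seconds > limits.maxSeconds) {
    errors.push("bad time");
  }
  // Only compare score against time once both fields are well-formed.
  if (errors.length === 0 && score > seconds * limits.maxPointsPerSecond) {
    errors.push("score too high for elapsed time");
  }
  return { ok: errors.length === 0, errors };
}

// Run both checks on one submission (entry = score with the tag appended).
function review(sample) {
  const result = validateSubmission({
    name: sample.name, score: stripSuffixTag(sample.entry), seconds: sample.seconds,
  });
  return { tagOk: hasSuffixTag(sample.entry), plausible: result.ok, errors: result.errors };
}

// Constructed sample submissions.
const samples = [
  { name: "Username", entry: 101, seconds: 10 },  // 10 points in 10 seconds
  { name: "Username", entry: 9991, seconds: 10 }, // 999 points in 10 seconds
  { name: "Username", entry: 230, seconds: 30 },  // tag missing
];
for (const s of samples) console.log(s.entry, JSON.stringify(review(s)));
```

The tag accepts the 999-points-in-10-seconds entry because the rule is visible to anyone who reads the client code, while the rate check rejects that entry on the server.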