Programmatically prevent external script interactions with application?

Hi, I was wondering is it possible to programmatically prevent external script interactions with application?

Imagine a ‘Public’ script that is attached to a player in game.
Since the script is public and anyone can edit it, how can I prevent it to messing up other entities, app code etc and just allow if it affects a group of predefined entities?

Also, how well does PlayCanvas stand out in terms of Javascript injections etc? Is it hard to ‘Hack’ in to the app itself

A little update: Seems like console is just enough to hack in to the app, but the debug instanty throws an message so it is possible to detect it? How?
Anyways, once the game is raedy I’ll have to do some server-side logic and scripting to prevent bad stuff happening with multiplayer game, any advices?

Hi @Newbie_Coder,

All JavaScript executes in the client, that is your player’s device. Meaning he can at any point have access and mess with your code. There are some strategies to make that harder by minifying and obfuscating your code but that can’t prevent 100% determined users. It will just slow them down.

When it comes to multiplayer, even native non JS games suffer from cheating and exploiting. The solution is always the same:

Don’t trust the client.

Run all of your game sensitive code in the server and verify all game rules server side. There is a lot of literature online, try doing some searches for multiplayer and anti cheating.

1 Like

You can obfuscate the published game scripts with something like that can make it difficult to inject and use devtools but as Leonidas said, never trust the client. People can also modify network packets relatively easily.

1 Like

Great tips!
But what if I can’t do some very important logic on server side? Calculating near entities models and its mesh instances for example, which is crucial for the next steps

You are going to have to by having that data on the server side.