Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No server-side verification for the newGistLink event #14

Closed
LearningNerd opened this issue Jun 28, 2017 · 0 comments
Closed

No server-side verification for the newGistLink event #14

LearningNerd opened this issue Jun 28, 2017 · 0 comments
Labels
bug

Comments

@LearningNerd
Copy link
Member

All other client events are verified to confirm that the client is indeed the current player, but currently there's no verification for clients sending newGistLink! That means users could potentially cheat and change the Gist link at any time.

Related issue/limitation: handling the creation, forking, and editing of Gists on the client side means there's no way to prevent users from cheating or messing up the game! The only way to prevent that entirely would be to handle all of those actions on the server. Another issue: since this app relies on GitHub, there's no way to prevent users (within the game or outside of the game) from forking and editing the game's Gist at any time, even if the server did handle all the API calls!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@LearningNerd