
 Suspicious u mobile contest score, Guess the destination

KekTart
post Dec 3 2020, 01:30 AM

Come come let me explain: That’s what you get when you expose your function name of sending scores from the front end LMAOOOOOO

The code looks like it was written by a uni student.

Especially when the functions are so public even TS can inject those functions with bogus data, e.g. addscore("1600"), using your console.

TS got basics of programming but encryption won’t prevent this.

What the website should do is: send responses of the user-clicked coordinates to the server. The server should calculate the score based on server time difference and where the user clicked. All these functions SHOULD NOT be exposed in the front end LOL. Why do you expose your score algorithms like that?

Once the server calculates the data, send the total score value back for showing purposes. The server SHOULD NOT accept score values, nor should the programmers expose the answer on the front end. These values MUST ONLY be sent back to the client.

It’s that simple. If the website calculates the timer on the front end, you could freeze it technically. Same idea and you can get max points. Since the score calculation is done on the front end, I presume.

Rule 1 in programming: don’t trust your clients.

This post has been edited by KekTart: Dec 3 2020, 02:40 AM
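
The server-side design described in the post above, as an added example that is not part of the original post or the contest site's code: the server keeps the answer and the start time, accepts only click coordinates, and returns the score it computed. The function names, the scoring formula and the constants are assumptions made for illustration.

```javascript
// Added example: server-authoritative scoring (Node.js). All names and constants are assumed.
const { randomUUID } = require('node:crypto');

const ROUND_MS = 30000;   // assumed time limit per round
const MAX_POINTS = 1000;  // assumed maximum score per round
const MAX_DIST = 500;     // assumed distance (px) at which accuracy drops to 0
const rounds = new Map(); // roundId -> { answer, startedAt, done }

// Start a round. The answer and start time stay on the server;
// the client only ever receives the opaque round id.
function startRound(answer, now = Date.now()) {
  const roundId = randomUUID();
  rounds.set(roundId, { answer, startedAt: now, done: false });
  return roundId;
}

// Handle a submission. Only x and y are read from the request body;
// a client-supplied score or elapsed time is never looked at.
function submitClick(roundId, body, now = Date.now()) {
  const round = rounds.get(roundId);
  if (!round) return { ok: false, error: 'unknown round' };
  if (round.done) return { ok: false, error: 'already submitted' };
  const { x, y } = body || {};
  if (!Number.isFinite(x) || !Number.isFinite(y)) {
    return { ok: false, error: 'bad coordinates' };
  }
  round.done = true; // one scored submission per round, so no replaying
  const elapsed = Math.max(0, now - round.startedAt); // server clock only
  if (elapsed > ROUND_MS) return { ok: true, score: 0 };
  const dist = Math.hypot(x - round.answer.x, y - round.answer.y);
  const accuracy = Math.max(0, 1 - dist / MAX_DIST);
  const speed = 1 - elapsed / ROUND_MS;
  return { ok: true, score: Math.round(MAX_POINTS * accuracy * speed) };
}

// Constructed sample: the extra "score" field in the body has no effect.
const demoId = startRound({ x: 100, y: 100 }, 0);
console.log(submitClick(demoId, { x: 100, y: 100, score: 1600 }, 15000));
console.log(submitClick(demoId, { x: 100, y: 100 }, 15001));
```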

 
