Hello everyone,
I am trying to reduce the size of my cloud script and I decided to make some functions instead of writing same code every time. I was wondering if a hacker can access those normal javascript functions and execute it?
In this example, the players can invoke "TestAPI" and the function works. When I try to call "GiveMoney" from a client directly, it gives me error (which is what I want). I am not sure if a hacker can invoke that "GiveMoney" function somehow. Is that possible? If they can, I will change my cloud script.
function GiveMoney(amount) { var addMoneyRequest = { "PlayfabId": currentPlayerId, "VirtualCurrency": "CA", "Amount": amount }; server.AddUserVirtualCurrency(addMoneyRequest); } handlers.TestAPI = function (args, context) { // ... Some conditions GiveMoney(10000); }