question

Ozan Yilmaz avatar image
Ozan Yilmaz asked

Can A Hacker Invoke Normal JS Functions In Cloud Script?

Hello everyone,

I am trying to reduce the size of my cloud script and I decided to make some functions instead of writing same code every time. I was wondering if a hacker can access those normal javascript functions and execute it?

In this example, the players can invoke "TestAPI" and the function works. When I try to call "GiveMoney" from a client directly, it gives me error (which is what I want). I am not sure if a hacker can invoke that "GiveMoney" function somehow. Is that possible? If they can, I will change my cloud script.

function GiveMoney(amount) {
    var addMoneyRequest = {
        "PlayfabId": currentPlayerId,
        "VirtualCurrency": "CA",
        "Amount": amount
    };
    
    server.AddUserVirtualCurrency(addMoneyRequest);
}

handlers.TestAPI = function (args, context) {
    // ... Some conditions
    
    GiveMoney(10000);
}
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
JayZuo avatar image
JayZuo answered

Players can can only call CloudScript methods attached to the handlers JavaScript object. So, if you didn't expose your function with handlers object then hackers also can not invoke that function.

1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Ozan Yilmaz avatar image Ozan Yilmaz commented ·

Thank you for the answer

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.