Esteban Feldman asked

How to secure leaderboard from hacking/cheating?

Hi

So this is an HTML5 Flappy Bird-like game where you collect coins with various values, and at the end of the game the statistic for the leaderboard is sent, thus being prone to hacking: players can execute the request from the browser, cheating the last score.

In the tutorial you recommend enabling "Allow client to post player statistics":

https://docs.microsoft.com/en-us/gaming/playfab/features/social/tournaments-leaderboards/quickstart

So that's the way it's implemented, and now the game is full of fake high scores.

What would be the best way to improve this?

Thanks.

Leaderboards and Statistics

1 Answer

brendan answered

To be clear, that's a simple example of leaderboards - it is absolutely not a best practice or a recommendation. It is completely impossible to prevent bogus scores from being posted to your leaderboard, if that option is enabled. That's specifically why that option has this pop-up warning in the settings page of the Game Manager:

"WARNING: Enabling this feature may allow clients to cheat."

If you need your leaderboards to be secure, do not turn on that option. Instead, you should only update statistics via a server authoritative operation, like Cloud Script or a custom game server, where you can have your own code check the values the client is sending to determine if they are valid.

1 comment

Esteban Feldman commented

Yes, that's what I say in my comment, and I add at the end:

What would be the best way to improve this?

Could you provide an example or tutorial?

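The server-authoritative approach described in the answer above, as an added example (not code from the thread or from PlayFab's documentation): a classic CloudScript handler that recomputes the score from the reported coin pickups and rejects implausible runs before calling `server.UpdatePlayerStatistics`. The coin table, the rate and duration limits, the `submitRun` handler name, the `HighScore` statistic name and the request shape are all assumptions.

```javascript
// Added example. COIN_VALUES, the limits, "HighScore" and the args shape are assumptions.
var COIN_VALUES = { bronze: 1, silver: 5, gold: 10 };
var MAX_COINS_PER_SEC = 2;   // assumed ceiling implied by level design
var MAX_RUN_SECONDS = 3600;  // assumed longest plausible run

// Recompute the score from reported pickups; a client-sent total is never read.
// Returns { ok: true, score: n } or { ok: false, reason: "..." }.
function validateRun(run) {
  if (!run || typeof run !== "object") return { ok: false, reason: "malformed" };
  var d = run.durationSec, coins = run.coins;
  if (typeof d !== "number" || !isFinite(d) || d <= 0 || d > MAX_RUN_SECONDS)
    return { ok: false, reason: "bad duration" };
  if (!coins || typeof coins !== "object" || Array.isArray(coins))
    return { ok: false, reason: "malformed" };
  var total = 0, score = 0;
  var types = Object.keys(coins);
  for (var i = 0; i < types.length; i++) {
    var type = types[i], count = coins[type];
    if (!Object.prototype.hasOwnProperty.call(COIN_VALUES, type))
      return { ok: false, reason: "unknown coin type" };
    if (typeof count !== "number" || count < 0 || Math.floor(count) !== count)
      return { ok: false, reason: "bad coin count" };
    total += count;
    score += count * COIN_VALUES[type];
  }
  // More pickups than the level can offer in that time means a forged request.
  if (total > Math.ceil(d * MAX_COINS_PER_SEC))
    return { ok: false, reason: "implausible pickup rate" };
  return { ok: true, score: score };
}

// Registered only inside CloudScript, where handlers, server and currentPlayerId exist.
if (typeof handlers !== "undefined") {
  handlers.submitRun = function (args) {
    var result = validateRun(args);
    if (!result.ok) return { accepted: false, reason: result.reason };
    server.UpdatePlayerStatistics({
      PlayFabId: currentPlayerId,
      Statistics: [{ StatisticName: "HighScore", Value: result.score }]
    });
    return { accepted: true, score: result.score };
  };
}
```

With "Allow client to post player statistics" turned off, the client can only reach the statistic through this handler. `durationSec` is still client-reported here, so these checks bound what a forged request can claim rather than prove the run happened.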
