-1

Even though, I am not a JS newbie, I still have never used (function() {}) before as there was no need. But now I am concerned with security on userside level for my JS game to avoid cheating. So what I did is I placed the following code in my js file:

(function() {
    'use strict';
    
    let a = 1;
});

I tried to access the a variable from console and I couldn't. So I wanted to know - will users be able to access those variables and change them if I use this kind of structure?

Improve this question
3
  • 1
    a doesn't exist because the function is never called. Commented Aug 17, 2022 at 17:48
  • 2
    Any client-side code is available to the user. There is no inherent security with client-side code. Commented Aug 17, 2022 at 17:49
  • A user doesn’t even need to run your code. They could just write their own client and just send some bogus data to your server… Commented Aug 18, 2022 at 6:16

1 Answer 1

Reset to default
3

There is nothing you can to do completely secure that variable. Users will still be able to access it using the debugger, local overrides, or probably other means as well.

A value like that which you need to be immutable to a skilled browser user needs to be stored on a secured backend (server, api, or something).

For example see: Is there a way to change variable values while debugging JavaScript?

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Yeah, they are all backed up on server side. But still, users will be able to change the scripts and do things like move camera away to see more than others, which is cheating. Well. Will have to register user actions and send myself canvas contents every now and then I guess :-)
Just so I know, how can one access and change this variable?
They could "pause" execution of a certain JS file using the chrome dev tools debugger. Then modify the value and restart execution.
In the most extreme case you could imagine a user writing their own web browser from scratch and loading your app on it. This imaginary browser could expose a handy interface to modify every value of every variable at will and there is nothing stopping the user from creating this. This is an extreme example but the point is is that you don't have any control over how your front end code is handled once your server serves it to the user.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.