Sign in to follow this  
jjwallace

Site lock with grunt?

Recommended Posts

Ah, so by "sitelock" and "url lock" do we mean making sure your game can't be embedded on other websites except your own?

Interesting. 

Unfortunately, symof's method isn't very secure. If a URL had 'domain.tld' anywhere in it (as a query parameter for example) then the code lock would fail. Plus, it wouldn't be too difficult to edit your script to remove that line and make the game work, even if the code is minified. 

The only solution I can think of off the top of my head is to have the server come up with a random token it sets as a cookie in the browser on page load. Then, when the page requests the assets and JavaScript files for the game from your server, the cookie would be sent along with the requests and the server would verify that its the correct value for the token and serve back the requested files. If the cookie was missing or was a bad value, it would not serve the files and the game wouldn't get loaded on the client. 

Share this post


Link to post
Share on other sites

It's good to have an example like that to show the concept of verifying something unique to the site to make sure the code is running on the right page. 

Still though, it doesn't matter how the value is checked (string or variable or whatever) if it all happens on the client side. If someone is intent on running your code on their own site, nothing will stop them from downloading the JavaScript/images/html from your website and editing the code to make it run on theirs. For this example, that means changing whatever client side value is checked. 

The only way to make sure that can't happen is to do the verification server side. That's something that someone can't copy just by downloading your JavaScript files. 

Its a more complex solution, but will secure your content by tying it to the response from your server. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.