How to hide resources from player

[zigazak]

So i've been developing a game where you can gather resources that can be used to build and recruit units.

I store the players accumulative resources in a global variable on the window object - so it persists on game state changes.

However it's super easy to open up the console and give yourself resources through accessing that variable.

Is there an elegant way to hide persistent data from the player? 

[Fricken Hamster]

Write it as some bytes maybe?

[mattstyles]

6 hours ago, zigazak said:

Is there an elegant way to hide persistent data from the player? 

Yeah, persist stuff only on the server

The flip side of this (as it sounds like server storage isnt an option for you) is to employ a module system so that variables are never leaked to global. Use a singleton class to store game state and pass that singleton to modules that need to use it.

// store.js
var store = {
  gold: 0,
  wood: 0,

  addGold: function( amt ) {
    this.gold += amt
  }
}

module.exports = store


// game.js
var store = require( './store.js' )

document.body.addEventListener( 'click', function makeMeRich() {
  store.addGold( 1000000 )
})

This is commonJS modules (as used by node, but a variant is coming to a browser near you fairly soon, maybe) so you‘ll need to package your application so that today's browsers can understand it. There are a couple of different systems that can do it, the following example uses browserify:

$ browserify game.js > bundle.js

All this program does is take an entry point (game.js in this example), parses it looking for module stuff (in this case `require` and `module.exports`), works out the dependency tree, wraps each module into a function and passes those functions into each other to pass dependencies around. This process is complicated, but, from your point of view it is easy, you simply run the command and create `bundle.js` which is ready to be run in a browser. Other module packagers work in a similar fashion—they require that a process is run and produce something the browser can understand, you can actually do this on-the-fly in the browser but it is more difficult and arguably less performant.

The upshoot of all this is that you can pass your store object anywhere you like, but, it’ll become trapped inside a closure and inaccessible from the browser (window), i.e. you've stopped leaking globals.

If you want to persist this data over game sessions then you've got to serialise it and stuff it somewhere, if you stuff it in the browser (local storage, cookies, db) then it'll be viewable and mutable to all, your only solution is either client-side encryption (which can be unravelled) or passing it to a server.