Is it possible to protect react redux states from clientside-manipulations?

Question

Currently im coding a small math-game for the browser. The current plan is to have two redux states for the gamedata. One for operational data, which doesnt have to be stored in the database because it just contains data for the game-logic and another one for the savegame data. The savegame data will be stored in a database after every ingame-interval.

I just learned that states can be manipulated from the client-side, which wouldnt be very desireable since the game will have multiplayer components.

So i wonder if it is possible to protect the states from manipulation in any way. Would welcome your ideas. Thank you in advance.

Answer 1

As a general rule of thumb, you should assume any state on the client can be manipulated no matter how well you think it's protected. It's like giving a stranger a safe: a determined enough person will find a way to open it.

If you can't trust the client, then the server becomes responsible for verifying everything it is sent. How you have to do this depends heavily on the game you are making and what needs to be verified.

For example:

• If you need to verify a high score, a server could replay actions to determine if the gameplay was achievable (and since you're using Redux, you have a record of said actions)
• In a multiplayer game, game state is actually maintained on the server, with clients merely sending their intent and accepting whatever the server determines is the current state of the game. If a client tries to send an illegal action, the server rejects the request.

Granted, what you do also depends on your security needs. It's possible you don't need perfect security and can settle with making it prohibitively difficult (though not impossible) to cheat.