Board Thread:Support Requests - Getting Technical/@comment-26474238-20140616215501/@comment-452-20140618025204

Undead.exe wrote: "Message Wall Greeting" is a namespace that can't be viewed by other editors through, unless they have sysop rights. By itself, that statement is true, it cannot be viewed through action=edit, but it can be viewed by other methods, so it cannot be relied upon for security. (If you want to test this out, add a test to your message wall greeting source, and I'll tell you what it says.)

edit: To address the topic, a constant with any security problem is managing access. You could write some javascript to optionally show content depending on game progress, but if you want it to be based on a password, then you run into the issue of having to communicate that password, and the javascript which does that must obviously be accessible by anyone.

Javascript-only games will always be hackable. (I welcome being proved wrong!) Security through obscurity is the best you can hope to achieve, and anyone who is determined enough will work it out anyway. (When you have the luxury of performing server-side sanity checks, javascript hacks don't matter so much, because you can detect cheats. You could add some kind of checksum template, but that could easily be overcome, because it's still all public.)

I suggest you just focus on making it easy and fun, and if people want to cheat, let them. If a javascript game is too slow for me, I usually tinker with it, but I still enjoy it. For example, a dark room, a great game, but it was more fun when I set a timer to autopress the buttons. ;)