Fake scores
A Mind runs in a World on the client side, and the World JS then reports the score to the server.
Could the Mind JS interfere with that report
and hack or fake the score?
The answer is yes.
The problem is that the World JS and Mind JS both run in the same window on the client side.
The World JS makes an Ajax call to report the score to the server.
The Mind JS could make that same Ajax call.
We cannot see any foolproof way to allow World JS make that call but not Mind JS.
-
Even if Ajax was somehow blocked from Mind JS,
the Mind might directly change some variables in the World code
in order
to cheat at the problem rather than solve it.
- Even if that could somehow be solved,
the user could simply run a separate program (outside of Ancient Brain)
to make the Ajax call to send fake scores.
There is no way to stop fake score attempts.
So we have a solution where
the World owner needs to run the scoreboard.