Security

ccurzio · Apr 17, 2026

I hope you made this thing secure.

barbecuesteve · Apr 18, 2026

I welcome your input. The only effort I've put into security is just making it really simple. But if you read code, you can hack the high scores, I suppose. Everything is user session gated on the backend.

ccurzio · Apr 18, 2026

From what I can tell so far you done good. I tried some basic stuff yesterday: changing cookie values and throwing them at the app (your code gracefully falls back to defaults), mild directory traversal attempts, nothing nuclear or even ballistic. Nothing worked. Then I got distracted by the arcade again. (AND YES I EARNED EVERY SINGLE HIGH SCORE LEGITIMATELY.)