Fix App Lab Hacking

In fact, I know EXACTLY what they’re doing to hack App Lab apps.
Hackers are using the Inspect Element console and typing commands that start with Applab.storage... to mess with the data tables in apps.
Code.org has refused to fix this issue for years.
Any apps that use the data tables are unsafe because of this.
Even simply renaming the Applab variable would fix nearly 100% of the hacking.
DO SOMETHING!

1 Like

Renaming Applab would not work.

A competent hacker, or whatever you call them, can still access storage functions. The nastiest trick I use is appOptions.readonlyWorkspace = false. This lets you edit the code (changes do not save) and gives you the data tab (changes do save!).

It is not possible to hide storage functions without making your app unusable.
The only solution to this? You’ve already heard this before but… create a backend. That’s your own way to solve this.
I won’t explain it here, but it’s simple.

1 Like

Do not post hacking methods here. Not everyone checks the teacher forums, but posting another hacking method only makes the platform more unsafe for apps that use Data Tables.

OK, so a forum moderator edited your reply to remove the instructions for creating a backend (which is weird because the edit can still be viewed) but didn’t remove the actual hacking method. What has code.org come to?

Apps that use tables and key values have most likely already been attacked; one famous example is Photop. If you’re so worried about your Tetris Code.org Edition’s accounts getting hacked by these people, then just don’t use tables or key values, and instead use the method that the previous commenter mentioned. Code.org is a volunteer-run non-profit, not some massive corporation; they really can’t afford to almost completely redo their storage system.

Yes. My app, Hangouts Chat, has been hacked probably around 200-300 times in the last 7 months, with hacks ranging from sending previous messages again, changing account data such as profile pictures, bios, and settings, sending huge amounts of coins to random users, or just wiping all the data.
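
Added example (not part of any post above, and not Code.org's code): a sketch of the backend approach suggested in the thread, where the client only sends requests and the server decides what gets written. The session tokens, account names, and action names are constructed for illustration, and the sketch assumes tokens are issued by a login step that is not shown.

```javascript
// Constructed sample state; a real backend would keep this in a database and
// issue tokens at login. All names here are hypothetical.
const sessions = new Map([["tok-alice", "alice"], ["tok-bob", "bob"]]);
const accounts = new Map([
  ["alice", { bio: "", coins: 100 }],
  ["bob", { bio: "", coins: 100 }],
]);
const seenMessageIds = new Set(); // used to reject re-sent messages

// Every write goes through this function; clients never touch the tables.
function handle(token, req) {
  const user = sessions.get(token);
  if (!user) return { ok: false, error: "not authenticated" };
  const me = accounts.get(user);

  switch (req.action) {
    case "setBio":
      // The account being edited comes from the session, never the request,
      // so a "user" field supplied by the client is simply ignored.
      if (typeof req.bio !== "string" || req.bio.length > 200)
        return { ok: false, error: "invalid bio" };
      me.bio = req.bio;
      return { ok: true };

    case "sendCoins": {
      const to = accounts.get(req.to);
      if (!to || req.to === user)
        return { ok: false, error: "invalid recipient" };
      // Only whole, positive amounts the sender actually owns.
      if (!Number.isInteger(req.amount) || req.amount <= 0 || req.amount > me.coins)
        return { ok: false, error: "invalid amount" };
      me.coins -= req.amount;
      to.coins += req.amount;
      return { ok: true };
    }

    case "postMessage":
      // Each message id is accepted once, so a replayed request is dropped.
      if (typeof req.id !== "string" || seenMessageIds.has(req.id))
        return { ok: false, error: "duplicate message" };
      seenMessageIds.add(req.id);
      return { ok: true };

    default:
      // There is no raw-write or clear-table action for a client to call.
      return { ok: false, error: "unknown action" };
  }
}
```

Because the rules run on the server, changing variables or calling functions in the browser console changes only what the client asks for, not what the server accepts.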