Is AppLab's code ran on the client or on the website server?

The post is simple, I’m just wondering whether the application is running on the website or on the client (allowing it to be exploitable).

If AppLab uses a website server to run the application, I would love for a feature that listens to the player’s connection and disconnection, allowing more features for an online game.

Applab and all other projects are executed server side thus not making it as much of a security concern but do note that anything can be exploited given enough time, and you can do that already with a keepAlive token within a table using time as a constant to ping the player when they are still on and if they leave they’ll eventually be timed out simple as that, though i’d very much advise against any multiplayer type stuff other than turn based gameplay other wise you may be disappointed with the overall result I’d keep my expectations low for making low latency multiplayer feasible best of luck on your endeavor!

1 Like

Yes, that would have to be implemented anyways, the “keepAlive” token, just in case to check “dead” players. I love that the code is executed server side, it allows me to have more security. One security concern I already mentioned though is people being allowed to change the speed (turtle). You should be able to disable that option.

By “pinging the player” what do you mean exactly? As I know, each “player” has a server dedicated for them, and if nobody is playing there will be no server running, therefore when somebody gets in the app there should be like a dead-check / clean-up

Off-topic, but do you know the limits of data saving / updating / loading / … , because there are limits but I don’t know what time specifically. Also, is there an option to disable your browser memorizing the text you’ve inputted in a text-box?

well yea obviously you need a host account with a whitelisted Id that acts as the server proxy which keeps track of all the players pretty much like making server credentials which the clients will connect to, like i said this won’t be an easy thing to do however this mostly won’t be the biggest deal since any new person that joins will automatically run the script again and kick all inactive players once initiated again you will be very limited though with the amount of data your talking about here it’s quite possible that you’ll be rate limited by firebase for sending too many requests

1 Like

To answer your other questions I’m not to sure of the limits myself but what i do know is that reading updating or saving a table counts toward the rate limit you can always look at the github repo for code-dot-org perhaps you may be able to find something there though for my recommendation of pinging the keepAlive token should be well above 10 seconds that way you won’t have any issues because basically your server will be running 2 requests one from the player and the server kicking people so you should set it at a reasonable timeframe as for the input boxes autofill I’ve been told clearing your browser cache should get rid of that issue i think it’s been answered once before as well if this answer doesn’t satisfy you I’d recommend searching for it

1 Like