protecting client from javascript console

Question

I just finished a app with Meteor that was kind of to test the waters and really try to figure Meteor out. My application is a two player game with 64 buttons. Two users enter a single game, whoever presses the most buttons, wins. Everything works well for the most part except for one part, a user in the game can easily cheat by typing some jQuery into the console the most obvious is $('.button').click();. After a while of searching through Meteor Docs and trial and error I am stumped. The buttons are part of a collection specific to the two players. As soon as one player logs in the server side code inserts buttons into a collection called "Games". How can I protect users from modifying code via JavaScript console? I obviously don't want to post 100s of lines of code and I hope I gave you the gist of how my application operates if you want to see specific code please check out my Git Repo. Also heres a link to the actual game : Bubble Popper

Answer 1

From How does Facebook disable the browser's integrated Developer Tools?

This should only work for chrome.

Object.defineProperty(console, '_commandLineAPI',
 { get : function() { throw 'Nooo!' } })

That being said - this isn't security - just a cosmetic thing / security from ignorance.

Security should happen via your server side Meteor.methods, and from your allow/deny rules in the db.

Answer 2

You can't control what your clients do on their computers. You best hope is to add some restrictions on the server side. Perhaps it's not possible for any human to click on two buttons within 1 second? If it's not, then add this restriction on the server.