是的，如果你设计了这样的游戏，那将很容易黑客攻击。但为什么这个特定于HTML5？你可以用任何类型的游戏来做到这一点。即使使用本地桌面游戏，您仍然可以伪造该请求。唯一的区别是伪造HTTP请求比桌面游戏的逆向工程请求更容易。

解决方案是添加某种验证到胜利 - 实际的算法会因游戏而异。也许有服务器跟踪游戏的进度，而用户正在玩。例如，如果它是一盘国际象棋游戏，则可以将所有动作发送到服务器，并确认动作是否正确。不过，即使是实时游戏，这也会变得更加复杂。

但是无论您决定使用哪种算法，它都会被击败。即使是我刚才提到的国际象棋验证也可以被绕过：您可以创建自己的有效国际象棋游戏，每次只向服务器发送相同的动作，以确保游戏的有效性。 （这是假设玩家反对电脑 - 让两个人相互对抗会让事情变得更容易。）

HTML5 will be widely adopted as a way to design games, is the prediction. But I have my questions about this: how can an online HTML5 game ever be secure?

Let me give you an example: imagine this platform game where you gain badges when you win, for example, an extremely hard level. When you have actually won this badge, a request is made to the server, in order to update your online profile. Isn't it extremely simple for a hacker to just send this request and gain the badge, without playing the actual game? Because:

• The client-side source code is visible and impossible to hide
• It is possible to execute Javascript from the command-line

I don't see a way to prevent this hacker from gaining his badge... Is there any way to make this game safe?

Yes, if you designed your game like that, it would be very easy to hack. But why is this specific to HTML5? You could do that with any type of game that was written like that. Even with a native desktop game you could still fake the request. The only difference is that faking HTTP requests is easier than reverse-engineering requests made by a desktop game.

The solution would be to add some kind of "validation" to the victory--the actual algorithm would vary from game to game. Maybe have the server track the game's progress while the user is playing. If it were a game of chess, for example, you could send every move to the server and have the moves validated to make sure they work out correctly. This gets more complicated with real-time games, though.

But whatever algorithm you decide to use, it will be defeated. Even the chess validation that I just mentioned could be bypassed: you could just "create" your own valid game of chess and just send the same moves to the server every time, ensuring that the game was valid. (This is assuming that the player is against a computer--having two humans play against each other would make things easier.)