Is JApplet Writing safe?

Question

So I am creating a JApplet Game, and I am saving the users info to a .txt file in the APPDATA. Is there a safer way to save their info, that won't allow them to edit it to cheat?

Answer 1

Basically, the only way to prevent cheating is to have a server under your control calculate the score and otherwise enforce game rules. If you were writing a peer-to-peer game, there might be some protocol to allow users to determine if another player was cheating without involving you. ACM sigecom regularly publishes research about such protocols. However, because of the restrictions of the applet security model, users would need to grant your applet special permission for it to talk directly to other users anyway.

Speaking of that, I would advise against "saving the user's info to a .txt file". %APPDATA% is Windows-only, thus breaking "write once run anywhere"; and the default applet sandbox does not allow reading or writing local files, so you'd have to sign the applet and convince your users that it was special enough to merit such elevated privileges.

However, you do have a few options for applet/server communication:

• REST calls using java.net.URL
• SOAP calls (there are several libraries for this)
• RMI (only if the server is written in Java)
• Your own custom protocol over TCP

Applets can't read and write cookies directly, but JavaScript can, and JavaScript can call methods on applets. One last way to pass information from the server to the applet (but not back out) is through PARAM tags. You could even pass initial game-state data signed by the server's private key and base64 encoded in a PARAM tag; which would prevent anyone from "editing" it, although I can't think of any way to completely prevent cheating if something about the game-state is supposed to be hidden from the player but known within the applet code.