How do I secure my HTML5 exported file?

  • I have a basic question on controlling the access to the C2 HTML5 exported file ( and hosted on a web server for example), then in that I want only a list of selected users to access the game.

    Although, I was successful in authorizing the user for valid access etc,I am still able to see the index.html link of the file in the debug console of the browser. So if any unwanted user copy-pastes this link, he will still be able to load the file.

    I believe some code should be written directly in the index.html file after HTML5 export, to prevent the access?

    Please throw some light if you have encountered such circumstances and how to get around?

    Thanks,

    Ravindra

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • You can do this by editing the .htaccess file, if your hosting your game on a web server where you are able to use this. If you're hosting the game on dropbox for example I can't help you.

    This article covers a couple of way of limiting the access to your file: k-state.edu/tools/restrict-access

  • Thank you very much. I will take a look into this.

  • Hi jimutt, while this is great information, I fear I might not be able to use this approach as this requires prompting the user for user-id/passwd.

    My scenario is slightly different in that I am publishing on a platform which already authorizes the user and sends me some launch key information when that user clicks on my game. These launch keys are dynamically generated and I need to validate the launch keys, once successful, I need to display the actual content. Please let me know if there are any other approaches that can be used in such scenario.

  • Hey kmsravindra

    If you can't use .htaccess, the best way to do what you need is to do it in PHP.

    You said that the platform sends a lanch key. So just change the index.html into index.php and add a check on the key. If you receive a valid key, display the page, if not, display an error message.

  • Hi Guizmus, Thanks for that suggestion. I will try that out.

  • If you know the users IP address and web browser you could change the index.html to checked.html or something then create an index.php script that checks for a matching IP address/browser information before and if a match occurs direct to the checked.html file. I have a more involved method of verifying users at contactwizardpro.com but it was a real pain to set up properly in c2. However it does prove verification is possible on a hosted server.

    Also make sure using the above that you set your directory attributes on the server so people can't read them. Otherwise they could just view your php check file and adjust so they can gain access using your set rules.

  • Hi , Thank you.

    Lot of great suggestions., I think C2 - HTML5 exported file protection and accessibility control is something that can be added as a faq.

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)