Since the AJAX request is server side and can be seen, can't someone simply manipulate it in the browser console?
So if an addHighScore(globalVarHS) is an AJAX request (simplified for conversations sake) it can be found in the browser, right?
Then if they know what paramaters are needed can't they either change the variable value in the console or spoof it another way?
How can you authenticate an AJAX request to prevent this?
I know that I know enough to know stuff but not enough that it's dangerous—lol I mean, well, I think you can make sense of that.
I know this isn't really a construct issue, it is the same for any AJAX, but thought I would still ask here as well since Construct has the AJAX plugin
I don't need a full explanation if someone can point me in the right direction—a link or what the term is to search.