我想在没有任何服务器端支持的情况下在浏览器中进行测验。测验结束后,如果用户通过了,我想生成一个成就证书。我想确保此证书不是由用户创建的虚假证书。有没有办法做这个纯客户端javascript?
问问题
54 次
2 回答
1
There should be a minimum server-side involvement:
Answers should be validated on the server. It's a useless quiz if you ship the answers with it to the browser. It's like handing a student a quiz paper, with the answers at the back of the page. Similarly, a few breakpoints in dev tools can reveal where your answers are being compared against the user's answer.
The actual record of the users accomplishing the quiz should be recorded on the server. The certificate would only be something to represent the achievement. For example, If the certificate is just a printable HTML, I would just edit the page to contain my name and presto! Instant achievement! With a certificate alone, you wouldn't know if it's legit.
于 2013-10-28T04:48:34.327 回答
0
不,纯 JavaScript 永远不会被信任,因为用户可以通过大多数标准浏览器附带的开发人员工具轻松影响/控制其执行。您必须包含服务器端功能才能使其免遭篡改。
于 2013-10-28T04:48:16.143 回答