I am making a browser card game. Each player has a number of purchased cards out of a big pool of available cards.
I need to make sure a player can not hack the cards he uses from the browser, so the server must authenticate he owns each card he uses and it is indeed the same card.
In order to make the app faster I want to store the cards data in an external JSON file and only say "player x owns cards y and z" and get the info on those cards from the JSON.
Are there any security patterns that can help me here?