Andrew, this is great! I like the simplicity of it and the fact that it's mobile friendly. Great work and keep making these little projects. It's posts like these that show me someone really enjoys coding.
Just wanted to give you a word of warning: Airtable's API is not meant to be run in the browser. I pressed Ctrl+U in my browser while trying out your game and was easily able to extract your API key which, based on the way Airtable currently has everything set up, has the same privileges as your user account. While I may not have any nefarious intentions, I can't promise the same for someone else. I could place myself at the top of the leaderboard in a couple lines of code with that key, or worse, create thousands of records which would fill the Base and hit the max of your free tier quota in Airtable. I just want to let you know so that you don't run into this problem!
You may want to take a look into something like Firebase if you want to avoid creating a backend server to hide the API key. Firebase has a really easy database system that one can launch on the front end without writing any nodejs backend code.
I definitely wish Airtable had better security around their keys, or else I would certainly be using it as my database replacement for all of my hobby projects! Again, great work! You may just want to restructure the way you are currently managing your leaderboard system for security purposes.
Hey Christopher, thanks for pointing that out. I had actually used firebase in the past for some similar web games, but used airtable for the ease. I will fix this pronto thanks a lot. Appreciate deeply your feedback!
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Andrew, this is great! I like the simplicity of it and the fact that it's mobile friendly. Great work and keep making these little projects. It's posts like these that show me someone really enjoys coding.
Just wanted to give you a word of warning: Airtable's API is not meant to be run in the browser. I pressed Ctrl+U in my browser while trying out your game and was easily able to extract your API key which, based on the way Airtable currently has everything set up, has the same privileges as your user account. While I may not have any nefarious intentions, I can't promise the same for someone else. I could place myself at the top of the leaderboard in a couple lines of code with that key, or worse, create thousands of records which would fill the Base and hit the max of your free tier quota in Airtable. I just want to let you know so that you don't run into this problem!
You may want to take a look into something like Firebase if you want to avoid creating a backend server to hide the API key. Firebase has a really easy database system that one can launch on the front end without writing any nodejs backend code.
I definitely wish Airtable had better security around their keys, or else I would certainly be using it as my database replacement for all of my hobby projects! Again, great work! You may just want to restructure the way you are currently managing your leaderboard system for security purposes.
Hey Christopher, thanks for pointing that out. I had actually used firebase in the past for some similar web games, but used airtable for the ease. I will fix this pronto thanks a lot. Appreciate deeply your feedback!