> I'm developing a small flash game for a website. > Users must register and log-in before they're allowed to post > their scores to the back-end. > Nevertheless I don't want to have the scores posted in a > simple way, because someone could easily, sign up, log-in, > and then post a higher score without even playing the game. > > My idea is to encrypt the score using some algorithm in > ActionScript, something that I can reproduce in PHP on the > server side. > I don't want them to be able to read an encrypted score and > then try similar strings in order to get a higher score by > chance. I think the encrypted string should have a check > digit or character or something so it auto-validates. > > Do you know of anywhere I could start reading? > or perhaps get an encryption algorithm that I can use?
Depending on how secure you need it to be (ie, whether there's money or a prize involved), a simple solution is to use SHA-1 (I think Branden Hall made a SHA-1 encryption algorithm a while back, and it's standard in PHP). Have a long key string which both your Flash file and the PHP page know, then append the score to this key string and hash it. Send the score in plain and the hash alongside, then your server script can authenticate the score with the hash to make sure it's the right answer. This will stop the casual hacker. Danny _______________________________________________ [email protected] To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
