This is true. However, if someone is prepared to submit fake post
requests to hack your high scores, are they not going to decompile your
SWF to see how you encrypt the high scores?
My recommendation is to submit the level reached and the score, and have
the server validate these (ie that the score achieved was possible for
the level reached). Also, make the client inform the server every time
a new level is reached, and validate that these are not occuring too
fast (ie at least 20 seconds apart). And encrypt any important data
sent to/from the server, but use some stupid algorithm you made up, do
it inline (don't use a encrypt/decrypt function), and then obfuscate
your actionscript. Oh, and if any of these server side checks fail,
just ignore any high scores from that IP address.
Or, just admit that faking high scores is nigh impossible when the
client is so easily modified, and don't worry about it :)
Regards,
Grant Cox
Dave Mennenoh wrote:
MD5 isn't going to help encrypting a high score is it? It's a one way
hash...
Dave -
Adobe Community Expert
www.blurredistinction.com
www.macromedia.com/support/forums/team_macromedia/
_______________________________________________
[email protected]
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
[email protected]
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
