David Rorex schrieb:
hide the secret in many different places throughout the swf, and then
combine them together to produce the actual code (using some odd formula).
name them things that make it seem related to something else. part of the
shared secret should also come from the server, so that it is different
every time.
some lame examples:
_root.someInvisibleMC._x=123;
_root.someInvisibleMC._y=124; // 124 is hardcoded on the server
// ...
highscores = server.getHighScores(); // actually returns a random number
which is also stored on the server
var userID = getTimer();
server.trackUsage(userID); // server stores this value as well
// ...
var currentDate =
MD5(_root.someInvisibleMC._y+highscores+userID+currentScore); // server can
also calculate this, because it knows all the same pieces of data
// ...
submitScore(currentDate, currentScore); // actually submit the score to the
server
hope this gives you some ideas. in the end, it's pretty much impossible to
completely secure it, you just have to make the barrier high enough that
they will give up attacking your game, and try on some less-well defended
one.
but...if the player's score actually gives them some reward which has real
value (a prize, or a coupon, or free download or something), assume that it
will be hacked, no matter what you do.
-David R
reminds me of:
http://thc.segfault.net/root/phun/unmaintain.html
:-)
micha
_______________________________________________
[email protected]
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
