Not exactly.
You would also provide a set of server side routines that allow them to
specify the legal transaction flows.
I suppose that you also give them the client side routines that
facilitated the communications.
You might want to look at the open source game servers for Flash to see
if you can either use their facilities or add extensions to support
single user games.
Ron
Tjeerd Boerman wrote:
Thanks Ron, this is response really helped me!
Translating to the library thing, the only way to create a semi-secure
highscore submitting system is by coding it myself, and never giving
anyone the source?
That would mean what I envisioned (users creating their own games with
this library to use on the site) is impossible, since every game would
need custom
security code so I can validate the game flow on the server, to
achieve some security, correct?
Cheers!
T. Boerman
Ron Wheeler wrote:
On-line gambling applications are possible where single transactions
are worth significant amounts of money.
You need to think very carefully about the design and be sure that
the server can validate the score independently of the client.
One possible line of thinking is to send the server regular progress
indications and validate the users path through the game. The next
transaction not only has to be valid in itself but also has to be
valid in terms of all previous transactions. If the sequence of
progress points gets broken, then you refuse to accept the final
score. This is a simple state engine on the server.
Keeping part of the game logic on the server is the best way to
ensure that access to the client code is not enough to break the
game. ie. send a transaction to the server and get back the outcome,
mark the result on the server and let the client setup the game to
the state returned by the server for the next interaction. This way,
a fake client can not simply send a sequence of transactions. You can
also enforce a minimum amount of time between transactions and steer
someone to a dead end position if they play too fast (ie use an
automatic transaction generation system).
If the user already has a winning path through the game and has
recorded how to do it, you may get a lot of high scores from 1
person. That is another problem. If you randomize the outcomes on the
server side, you can make sure that each game must follow a different
path.
Just as every security measure has a successful hack, every hack can
be countered. Welcome to the battleground.
Vigilance is one of the big expenses in real casinos. The best
on-line gaming companies recognize that they always have to be
looking for evidence of new hacks, for gamers finding new way to
collude and for all kinds of fraud that they have not foreseen.
Ron
Tjeerd Boerman wrote:
Hey, Thanks for your response
So you are saying I can't start a serious ladder for these games,
with reasonable amounts of security?
PS: I'm not following a flash course here, thats for sure ;)
Greets,
Tjeerd
Weyert de Boer wrote:
Hi Tjeerd,
Never period, as long you have access to the files in use by the
game or any applications. You can cheat period. Sometimes it's
harder to get around... I would expect you have learned all the
tricks in Enschede!
Yours,
Weyert de Boer
_______________________________________________
[email protected]
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
[email protected]
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
[email protected]
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
[email protected]
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
[email protected]
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
