There was a long discussion about this a while ago. You might try
searching the archives or using Google.
One of the suggestions was to track the progress of the game rather than
just the final score.
If you build a small Finite State Machine on the server side and have
the client report the state of the game to the server, you can check to
see if the player is actually playing the game and you can track scores
and game position (whatever this means in your game) to make sure that
the player goes through all of the "right stages" in the game and that
the interim scores are possible precursors to the final score that the
user claims to have achieved.
Encrypting all of these messages will also help but this forces the
hacker to reverse engineer quite a bit of your game to show the "right
path" to the final result. The "right path" through the state machine is
only stored on the server so that makes it even harder since the client
side code shows no evidence of what the server is checking for state
transitions; it only sends the state to the server.
If you include timestamps, you can make sure that a player takes a
"reasonable" amount of time to pass through each step (for example, you
cannot claim to have solved a New York Times crossword puzzle in 50
ms; you have to submit each Down or Across word with an inter-answer
gap of at least 2 seconds and take at least 5 minutes to solve the whole
game).
Mix and match to fit your game.
Ron
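The server-side state machine with timing and interim-score checks that Ron describes could look like the following. This is an added example, not code from the thread; the states, the limits and the `Session` class are assumptions for a small crossword-style game.

```python
from dataclasses import dataclass, field

# Constructed rules for a small crossword-style game; every name and limit is an assumption.
TRANSITIONS = {"start": {"word"}, "word": {"word", "finish"}}
MIN_GAP_S = 2.0         # shortest believable gap between two answers
MIN_TOTAL_S = 300.0     # shortest believable whole game
MAX_STEP_POINTS = 10    # most points a single answer can add
WORDS_REQUIRED = 3      # answers needed before "finish" is reachable


@dataclass
class Session:
    started: float                  # server clock when the game was issued
    state: str = "start"
    last_seen: float = None         # server clock of the last accepted report
    score: int = 0
    words: int = 0
    reasons: list = field(default_factory=list)

    def report(self, new_state, score, now):
        """Check one client report against rules held only on the server.

        `now` is the server's receive time, never a client-supplied value.
        Returns True if the report is plausible; a rejected session stays rejected.
        """
        if self.reasons:
            return False
        last = self.started if self.last_seen is None else self.last_seen
        if new_state not in TRANSITIONS.get(self.state, ()):
            self.reasons.append(f"illegal transition {self.state}->{new_state}")
        elif new_state == "word":
            if now - last < MIN_GAP_S:
                self.reasons.append("answer arrived too fast")
            elif not 0 <= score - self.score <= MAX_STEP_POINTS:
                self.reasons.append("impossible score jump")
            else:
                self.words += 1
        elif new_state == "finish":
            if self.words < WORDS_REQUIRED:
                self.reasons.append("finished without all stages")
            elif now - self.started < MIN_TOTAL_S:
                self.reasons.append("game finished too fast")
            elif score != self.score:
                self.reasons.append("final score does not match interim scores")
        if self.reasons:
            return False
        self.state, self.score, self.last_seen = new_state, score, now
        return True
```

The client only ever sends a state name and a score; the transition table and limits never leave the server, so the shipped SWF contains nothing that reveals which paths are accepted.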
JulianG wrote:
Thanks Danny!
There is a prize involved, but no money. I mean users do not pay for
this.
I'll take a look at the SHA-1 algorithm.
Of course hackers will be able to find the encryption string by
"decompiling" the SWF.
So I might need some code obfuscation, which I'm not a big fan of.
Thanks,
JulianG
Danny Kodicek wrote:
Depending on how secure you need it to be (i.e., whether there's money
or a prize involved), a simple solution is to use SHA-1 (I think Branden
Hall made a SHA-1 encryption algorithm a while back, and it's standard
in PHP).
Have a long key string which both your Flash file and the PHP page know,
then append the score to this key string and hash it. Send the score in
plain and the hash alongside, then your server script can authenticate
the score with the hash to make sure it's the right answer. This will
stop the casual hacker.
Danny
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com