> One of the possible tricks that you can use, is to send messages to your > "high-score" server during the game so that you can verify that the person > passed certain checkpoints. You can throw these away after the final score > is recorded and validated. > At the checkpoints, you can record current score, a game state(if that is > relevant) and a timestamp and then do a quick reasonableness check when the > final score is recorded. > > You need to assume that the cheater has read your client-side code. > A determined cheater can always build a simulator for your game and replace > your game with their simulator.
Keep in mind that all communication between the client and the server can be recorded by the client (or the server for that matter, not that that would be a threat). So, those messages could also be recorded. SSL/TLS will not prevent this, either - it'll simply mean that the communication can only be recorded by the client or server endpoints, and nothing in between. > The crossdomain file gives you some protection. That doesn't protect the server, only the client's machine. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! _______________________________________________ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
