How about computing the hash based on the date and time when someone invokes 
the high score? Time can be +- 15 seconds to account for the amount of time to 
get to the server. The server computes the same hash when it receives the call 
and then compares. Someone could possibly grab the hash in Charles and plug it 
in to some code to call it but probably not in 15 seconds. By then the hash 
will be out of date.

Or, you could send a date/time string hash as well as the high score hash and 
make sure that is within your parameters.

Just thinking out loud here...

--- In flexcoders@yahoogroups.com, Clark Stevenson <a.scots...@...> wrote:
>
> Thanks for your help guys.
> 
> 
> Oleg:
> 
> I didn't really understand what you meant. The server can't know about your
> highscore locally? IE: you score 13 points. You need to tell the server that
> you got 13 points. How could the server know otherwise that you got 13
> points?
> 
> Valdhor:
> 
> I think this is something we approached first. When the HTML page is
> generated, a hash is created which must be passed along with the username
> for anything to happen. It's just for my brain, what's to stop me using
> Charles to see the hash, then calling "highscore(userID, hash,
> 39894809489048840984)". It's for this reason I don't understand hashes, they
> help but not really.
> 
> https was also another option but i think that this application uses
> different networks
> 
> Game.swf comes from game.com
> UserInfo comes from network1.com, network2.com
> 
> I believe this makes HTTPS impossible?
> 
> Anyways thanks again.
> 
> Cheers,
> 
> Clark.
> 
> 
> 
> On 11 August 2010 14:35, valdhor <valdhorli...@...> wrote:
> 
> >
> >
> > You could always use a secure connection via https. Also, you could send an
> > encrypted username and password. For example, every thirty minutes generate
> > a new password string. The server can use the same algorithm to generate a
> > string and then you could compare them.
> >
> >
> > --- In flexcoders@yahoogroups.com <flexcoders%40yahoogroups.com>, Clark
> > Stevenson <a.scotsman@> wrote:
> > >
> > > Hi all.
> > >
> > > I am new to AMFPHP. Let's say you have a class and a function:
> > >
> > > SomeClass.saveHighScore(304958);
> > >
> > > For me, the way I see it, is that anyone using Charles can call this
> > > method? What's to stop anyone from calling it directly?
> > >
> > > SomeClass.saveHighScore(20394948548438484).
> > >
> > >
> > > Can anyone advise me on ways I could secure this method?
> > >
> > > Thanks.
> > >
> > > Clark.
> > >
> >
> >  
> >
>
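
The time-windowed hash check discussed in this thread, as an added server-side sketch in Python (not code from any poster and not AMFPHP code): the MAC covers the user, the score and the timestamp, so a captured value cannot be reused with a different score, and a small cache refuses a resend inside the 15-second window. Assumptions: the names `sign_score` and `ScoreVerifier` are hypothetical, and the key is a per-session secret issued by the server; a key the client holds can still be recovered from the client, so this authenticates the message and does not prove the score was earned.

```python
import hashlib
import hmac
import time

WINDOW_SECONDS = 15  # the +/- 15 s tolerance suggested in the post


def sign_score(session_key: bytes, user_id: str, score: int, ts: int) -> str:
    """Client side: MAC over user, score and timestamp, so none can be swapped."""
    msg = f"{user_id}|{score}|{ts}".encode()
    return hmac.new(session_key, msg, hashlib.sha256).hexdigest()


class ScoreVerifier:
    """Server side: enforce freshness, recompute the MAC, refuse replays."""

    def __init__(self, window: int = WINDOW_SECONDS):
        self.window = window
        self.seen = {}  # tag -> expiry time, for tags accepted inside the window

    def verify(self, session_key, user_id, score, ts, tag, now=None) -> str:
        now = int(time.time()) if now is None else now
        # Forget tags that the freshness check alone would now reject.
        self.seen = {t: exp for t, exp in self.seen.items() if exp >= now}
        if abs(now - ts) > self.window:
            return "stale"
        expected = sign_score(session_key, user_id, score, ts)
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return "bad-mac"
        if tag in self.seen:
            return "replay"
        self.seen[tag] = ts + self.window
        return "ok"


def demo():
    key = b"constructed-per-session-key"  # constructed sample value
    v = ScoreVerifier()
    t0 = 1_281_537_300  # constructed timestamp
    tag = sign_score(key, "clark", 13, t0)
    return [
        v.verify(key, "clark", 13, t0, tag, now=t0 + 3),   # honest submission
        v.verify(key, "clark", 13, t0, tag, now=t0 + 5),   # same call sent again
        v.verify(key, "clark", 39894809489048840984, t0, tag, now=t0 + 5),  # score edited
        v.verify(key, "clark", 13, t0, tag, now=t0 + 60),  # sent after the window
    ]


if __name__ == "__main__":
    print(demo())
```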

