Clark Stevenson wrote:
Hi all.

I am new to AMFPHP.  Lets say you have a class and a function:

SomeClass.saveHighScore(304958);

For me, the way i see it, is that anyone using Charles can call this
method? Whats to stop anyone from calling it directly?

SomeClass.saveHighScore(20394948548438484).


Can any one advise me on ways i could secure this method?

Hi Clark,

first of all, there is no secure method; you can just make it harder.

Consider this scenario:
the website uses a server session. When the game starts, or just prior to
sending highscore, the movie asks the server for some token (which will
be stored in the serverside session data)
Now the movie performs some calculations with the token and the value,
and sends result of calculation.
Server can verify that the client was indeed using the token matching its
session ID. The calculation is sort of a crypt thing, obviously

Wolfgang

Reply via email to