Re: [Flashcoders] How to avoid fake data being sent to server?

2008-06-19 Thread Abe Pazos
Thank you everybody for your replies. They are very useful to see how to approach this issue. In our case we can't keep the state 100% in the server, because we have action single player games, with lots of users. Sending the state continuously would mean too much traffic. But I think we can use

[Flashcoders] How to avoid fake data being sent to server?

2008-06-18 Thread Abe Pazos
Does anyone know documentation explaining how to secure Flash client / Server communication? Imagine you have a Flash game. When the game is over, the score is stored in the server. The value can be changed from 150 points to 100 points in memory using some game cracking tools, if you use

Re: [Flashcoders] How to avoid fake data being sent to server?

2008-06-18 Thread Ricky Bacon
Abe Pazos wrote: How does it work in online casinos? I guess the result is probably calculated before it happens on server side, so you just see a representation. This is possible in cases where the input are some numbers, and the result is calculated from that input. But this involves no real

Re: [Flashcoders] How to avoid fake data being sent to server?

2008-06-18 Thread [EMAIL PROTECTED]
this might help you: http://cosmincimpoi.blogspot.com/2007/09/loadvariables-security-by-built-in.html#links email me for details On Jun 18, 2008, at 4:19 PM, Abe Pazos wrote: Does anyone know documentation explaining how to secure Flash client / Server communication? Imagine you have a

Re: [Flashcoders] How to avoid fake data being sent to server?

2008-06-18 Thread Ricky Bacon
[EMAIL PROTECTED] wrote: this might help you: http://cosmincimpoi.blogspot.com/2007/09/loadvariables-security-by-built-in.html#links Security through obscurity is not a very good idea. You also still have the problem of someone decompiling the swf and modifying it to their needs. -Ricky

Re: [Flashcoders] How to avoid fake data being sent to server?

2008-06-18 Thread [EMAIL PROTECTED]
yes and no solution comes in 2 parts: 1. use loadvariables loadVariables(".../script.php?foo1=1&foo2=2", this, "POST") this is something: when u use loadvariables... flash will send all _root variables too... so php will receive foo1, foo2 and all variables that reside in _root ... with

Re: [Flashcoders] How to avoid fake data being sent to server?

2008-06-18 Thread Ricky Bacon
[EMAIL PROTECTED] wrote: yes and no 2. extra check in php - make sure script is called from swf and not from browser. you can add some ip ban script for those who try. <?php if (!isset($_REQUEST['speed']) || !isset($_REQUEST['stuffurl'])) die(); And I can spoof the headers... ;) If you give

Re: [Flashcoders] How to avoid fake data being sent to server?

2008-06-18 Thread Jon Bradley
On Jun 18, 2008, at 12:25 PM, Ricky Bacon wrote: Security through obscurity is not a very good idea. You also still have the problem of someone decompiling the swf and modifying it to their needs. If Flash Media Server 3 is being used, for a very nice level of protection it can hash

Re: [Flashcoders] How to avoid fake data being sent to server?

2008-06-18 Thread Steven Sacks
This isn't even open for debate. If you don't run your logic on the server, you have zero security. End of story. ___ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

RE: [Flashcoders] How to avoid fake data being sent to server?

2008-06-18 Thread Dave Watts
if anyone use decompilers/http request.. will see .../script.php?foo1=1&foo2=2 but i have a little surprise in php: If you use a recording HTTP proxy or packet sniffer, you will see (and can modify) the entire HTTP request, not just the first line. 2. extra check in php - make sure script is