[flexcoders] Re: AMFPHP Security?

2010-08-11 Thread valdhor
You could always use a secure connection via https. Also, you could send an encrypted username and password. For example, every thirty minutes generate a new password string. The server can use the same algorithm to generate a string and then you could compare them. --- In

Re: [flexcoders] Re: AMFPHP Security?

2010-08-11 Thread Clark Stevenson
Thanks for your help, guys. Oleg: I didn't really understand what you meant. The server can't know about your highscore locally? IE: you score 13 points. You need to tell the server that you got 13 points. How could the server know otherwise that you got 13 points? Valdhor: I think this is

RE: [flexcoders] Re: AMFPHP Security?

2010-08-11 Thread Gregor Kiddie
If you want it to be fairly untouchable, have all your game logic on the server. The only thing the swf does is gather input, and display state. That way, nobody can spoof the game logic (which is pretty much your issue). Gk.

Re: [flexcoders] Re: AMFPHP Security?

2010-08-11 Thread Oleg Sivokon
Exactly what Gk said. You can make it difficult to forge the data on the client, but you cannot 100% prevent it from being cracked, so, better, keep the score on the server.

[flexcoders] Re: AMFPHP Security?

2010-08-11 Thread valdhor
How about computing the hash based on the date and time when someone invokes the high score? Time can be +- 15 seconds to account for the amount of time to get to the server. The server computes the same hash when it receives the call and then compares. Someone could possibly grab the hash in

[flexcoders] Re: AMFPHP Security

2007-01-18 Thread Mark Piller
Zoli is right. Usage of a specific object type in a method signature is irrelevant to security. In fact, you do not even need to know AMF to do it. One could easily use something like ServiceCapture to understand the structure of the argument type then construct a similar object and run it a local

Re: [flexcoders] Re: AMFPHP Security

2007-01-18 Thread Patrick Mineault
I think you're misunderstanding my argument, Mark. Of course you can spoof any message you want, and you don't have to be an expert either to do it; you could use the amfphp service browser of SabreAMF as a library or a Flash movie to send any message whatsoever to a gateway. The issue with