I wrote a couple of Flash client / PHP server casino games. I didn't actually do the Flash client part (takes me forever to produce nice looking stuff with that app) but I did come up with the API. It used a token and timestamps that were hashed with a secret key - pretty similar to the way that Amazon's API works. The only way I came up with to really prevent cheating was to keep all of the game logic on the server and use the client to send user actions and display the response. So for a blackjack game, for example, the client would say start a new game - which would give it a new token - then the server would deal the cards and tell the client which cards it was dealt, the client would tell the server if it was hitting, staying, splitting, doubling, etc. and then the server would tell the client if it won or not.

Sort of a side note here... but I also had a client once ask if we could serve a video in a Flash player and make it not possible for anyone to download it. I told them we would have to embed the video in the Flash player timeline (which makes it not look as good), we would have to encrypt the whole thing somehow and obfuscate the key to unencrypt it (perhaps it could be timestamp based and requested from the server which would send back a current key to use and verify the client was authorized to have it). After going through all that trouble and spending a ton of money, a really good hacker could still crack it and even worse... any screen capture program could easily save the video as another file. That was my long way of saying... it can't be done.
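
The token-and-timestamp API with server-side game logic described in the first paragraph, sketched in PHP as an added example that is not part of the original post or the games it describes. The key value, the 30-second window, the `token|action|ts` signing format and all function names are assumptions, and the game is reduced to hit/stay with no dealer.

```php
<?php
// Added example; SECRET, sign(), total(), newGame(), handle() and $games are hypothetical names.
const SECRET   = 'constructed-demo-key'; // placeholder value, constructed for this example
const MAX_SKEW = 30;                     // assumed freshness window, in seconds
function sign(string $token, string $action, int $ts): string {
    return hash_hmac('sha256', "$token|$action|$ts", SECRET);
}
function total(array $hand): int {       // an ace counts 11 when that does not bust
    $sum = 0; $aces = 0;
    foreach ($hand as [$rank]) { $sum += min($rank, 10); $aces += (int)($rank === 1); }
    return ($aces > 0 && $sum + 10 <= 21) ? $sum + 10 : $sum;
}

function newGame(array &$games): string {
    $deck = [];
    foreach (['S', 'H', 'D', 'C'] as $suit) foreach (range(1, 13) as $rank) $deck[] = [$rank, $suit];
    for ($i = 51; $i > 0; $i--) {        // Fisher-Yates shuffle driven by a CSPRNG
        $j = random_int(0, $i);
        [$deck[$i], $deck[$j]] = [$deck[$j], $deck[$i]];
    }
    $hand  = [array_pop($deck), array_pop($deck)];
    $token = bin2hex(random_bytes(16));
    // The deck stays in server memory; only the dealt hand is ever sent to the client.
    $games[$token] = ['deck' => $deck, 'hand' => $hand, 'lastTs' => 0, 'over' => false];
    return $token;
}

function handle(array &$games, array $req, int $now): array {
    $token  = (string)($req['token'] ?? '');
    $action = (string)($req['action'] ?? '');
    $ts     = (int)($req['ts'] ?? 0);
    if (!isset($games[$token])) return ['error' => 'unknown token'];
    if (!hash_equals(sign($token, $action, $ts), (string)($req['sig'] ?? ''))) return ['error' => 'bad signature'];
    if (abs($now - $ts) > MAX_SKEW) return ['error' => 'stale timestamp'];
    if ($ts <= $games[$token]['lastTs']) return ['error' => 'replayed request'];
    $g = &$games[$token];
    if ($g['over'] || !in_array($action, ['hit', 'stay'], true)) return ['error' => 'illegal action'];
    $g['lastTs'] = $ts;
    if ($action === 'hit') { $g['hand'][] = array_pop($g['deck']); }
    $g['over'] = ($action === 'stay') || total($g['hand']) >= 21;
    return ['hand' => $g['hand'], 'total' => total($g['hand']), 'over' => $g['over']];
}

$games = []; $now = time(); $token = newGame($games);
$req = ['token' => $token, 'action' => 'hit', 'ts' => $now, 'sig' => sign($token, 'hit', $now)];
echo json_encode(handle($games, $req, $now)), "\n";                       // accepted: server deals a card
echo json_encode(handle($games, $req, $now)), "\n";                       // same request again: replayed request
echo json_encode(handle($games, ['action' => 'win'] + $req, $now)), "\n"; // altered action: bad signature
```

The client never supplies cards or an outcome, so a modified client can only choose among the moves the server already permits. With one-second timestamps, two legitimate actions in the same second would be rejected as a replay, so a per-request counter would be needed alongside the timestamp.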

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
