1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Secure Flash Games Highscore

Discussion in 'Programming' started by Aliniuz2, Sep 8, 2009.

0
  1. #1
    Hello,

    I want to build a website with free flash games, so I can save the score the users gets at that game in a database.

    Is there any way I can store a user's score at a certain flash game in a database?

    I heard that there are special flash games with highscore, but there isn't any specific documentation about that. I finded out later that these games with highscore have a serious security issue, and users may submit scores like 10.000.000.000, using a Firefox Add-on, Tamper Data - https://addons.mozilla.org/en-US/firefox/addon/966 . Is there any way to fix this?

    This security bug keeps me from starting building the website. :(

    Thank you in advance for your help.
     
    Aliniuz2, Sep 8, 2009 IP
  2. premiumscripts

    premiumscripts Peon

    Messages:
    1,062
    Likes Received:
    48
    Best Answers:
    0
    Trophy Points:
    0
    #2
    premiumscripts, Sep 8, 2009 IP
  3. rnc505

    rnc505 Peon

    Messages:
    300
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    0
    #3
    I can help you with this. U need to use intricate math encryption using POST over to PHP. And you can write to a txt file and then check the php post score with the score listed in the file and then delete the file. I can do this for you. Also you can look into something similar to mochiboards with a secret key to encrypt it. Also you can looking into something like a mutating encryption but that is really heavy duty.

    Pm me if u want some help
     
    rnc505, Sep 18, 2009 IP
  4. SGBoise

    SGBoise Peon

    Messages:
    647
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    0
    #4
    rnc505 is right. You need to validate the data on both the server and the client side.

    You also need to put parameters. If it's impossible to get a score of 1000 then check for it. Of course it would be pretty hard for each game.
     
    SGBoise, Sep 18, 2009 IP
  5. ccoonen

    ccoonen Well-Known Member

    Messages:
    1,606
    Likes Received:
    71
    Best Answers:
    0
    Trophy Points:
    160
    #5
    Just use encryption - instead of sending the raw Numeric value - send an encrypted value from the flash that is based on date or time and only your server has the key... also have the encryptedvalue based on the user id or user session - this should thwart them high score cheaters :)
     
    ccoonen, Sep 19, 2009 IP
  6. phprightnow

    phprightnow Peon

    Messages:
    296
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Most existing High Score flash game packages on the net out there for purchase do just post RAW data, and can be tampered with fairly easily for someone willing to go through the effort. If you are a flash developer or have sources to the flash files sending this data, the best solution would be to use some type of custom encryption that can be decrypted via PHP. This still obviously isn't 100% secure, if someone figures out how you're encrypting this data.
     
    phprightnow, Sep 19, 2009 IP