Hello, I want to build a website with free flash games, so I can save the score the users gets at that game in a database. Is there any way I can store a user's score at a certain flash game in a database? I heard that there are special flash games with highscore, but there isn't any specific documentation about that. I finded out later that these games with highscore have a serious security issue, and users may submit scores like 10.000.000.000, using a Firefox Add-on, Tamper Data - https://addons.mozilla.org/en-US/firefox/addon/966 . Is there any way to fix this? This security bug keeps me from starting building the website. Thank you in advance for your help.
Read these, they will give you some tips: http://stackoverflow.com/questions/46415/ http://stackoverflow.com/questions/73947/ http://stackoverflow.com/questions/25999/ But you can never with 100% certainty prevent anyone from cheating.
I can help you with this. U need to use intricate math encryption using POST over to PHP. And you can write to a txt file and then check the php post score with the score listed in the file and then delete the file. I can do this for you. Also you can look into something similar to mochiboards with a secret key to encrypt it. Also you can looking into something like a mutating encryption but that is really heavy duty. Pm me if u want some help
rnc505 is right. You need to validate the data on both the server and the client side. You also need to put parameters. If it's impossible to get a score of 1000 then check for it. Of course it would be pretty hard for each game.
Just use encryption - instead of sending the raw Numeric value - send an encrypted value from the flash that is based on date or time and only your server has the key... also have the encryptedvalue based on the user id or user session - this should thwart them high score cheaters
Most existing High Score flash game packages on the net out there for purchase do just post RAW data, and can be tampered with fairly easily for someone willing to go through the effort. If you are a flash developer or have sources to the flash files sending this data, the best solution would be to use some type of custom encryption that can be decrypted via PHP. This still obviously isn't 100% secure, if someone figures out how you're encrypting this data.