More information about the Underscore mailing list

[_] Flash game - posting scores to a php scoreboard...

Oliver Humpage oliver at watershed.co.uk
Mon Dec 14 10:26:37 GMT 2009

On 14 Dec 2009, at 10:15, Spandex wrote:

>> It's also worth encrypting the data you send - even though someone  
>> can
>> get at your encryption key by decompiling the flash app, it'll put  
>> off
>> the casual cheater.
>
> A very lightweight way to do this is to MD5 the score together with
> some pre-arranged string the server and client agree on. Then send the
> score plaintext along with the MD5 as "proof".

As a general rule of thumb, include a timestamp in the checksum (and  
don't accept scores at the server end more than a couple of minutes  
old), otherwise you leave yourself open to replay attacks.

Oliver.