[_] Flash game - posting scores to a php scoreboard...
oliver at watershed.co.uk
Mon Dec 14 10:26:37 GMT 2009
On 14 Dec 2009, at 10:15, Spandex wrote: >> It's also worth encrypting the data you send - even though someone >> can >> get at your encryption key by decompiling the flash app, it'll put >> off >> the casual cheater. > > A very lightweight way to do this is to MD5 the score together with > some pre-arranged string the server and client agree on. Then send the > score plaintext along with the MD5 as "proof". As a general rule of thumb, include a timestamp in the checksum (and don't accept scores at the server end more than a couple of minutes old), otherwise you leave yourself open to replay attacks. Oliver.