hide the secret in many different places throughout the swf, and then
combine them together to produce the actual code (using some odd formula).
name them things that make it seem related to something else. part of the
shared secret should also come from the server, so that it is different
every time.

some lame examples:

_root.someInvisibleMC._x=123;
_root.someInvisibleMC._y=124; // 124 is hardcoded on the server
// ...
// actually returns a random number which is also stored on the server
highscores = server.getHighScores();
var userID = getTimer();
server.trackUsage(userID); // server stores this value as well
// ...
// server can also calculate this, because it knows all the same pieces of data
var currentDate = MD5(_root.someInvisibleMC._y+highscores+userID+currentScore);
// ...
// actually submit the score to the server
submitScore(currentDate, currentScore);

hope this gives you some ideas. in the end, it's pretty much impossible to
completely secure it, you just have to make the barrier high enough that
they will give up attacking your game, and try on some less-well defended
one.
but...if the player's score actually gives them some reward which has real
value (a prize, or a coupon, or free download or something), assume that it
will be hacked, no matter what you do.

-David R

On 9/20/06, Toon Van de Putte <[EMAIL PROTECTED]> wrote:

Hi,

I'm building a Flash game that'll store a player's score in a database. To
make sure the posts are coming from the swf, we're using MD5 to hash some
(variable) player data together with a shared secret.
This works fine, until someone downloads and decompiles the swf, and finds
the shared secret.
Do you have any best practices for hiding the shared secret as much as
possible? I don't know enough about how the Flash IDE compiles swf's to
figure this out on my own.

Thanks!
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
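
The server-side half of the scheme described in the reply above, sketched as an added example that is not code from the thread or from either poster. It swaps keyed HMAC-SHA256 in for the thread's bare MD5, and the names ScoreVerifier, compute_digest, EMBEDDED_SECRET and NONCE_TTL are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

EMBEDDED_SECRET = b"constructed-demo-secret"  # constructed value: the part compiled into the swf
NONCE_TTL = 600  # assumed limit: seconds a game session may stay open


def compute_digest(nonce, user_id, score):
    """What client and server both compute. Fields are delimited so that
    ("12", "3") and ("1", "23") can never hash the same input."""
    message = "|".join([nonce, str(user_id), str(int(score))]).encode()
    return hmac.new(EMBEDDED_SECRET, message, hashlib.sha256).hexdigest()


class ScoreVerifier:
    """Remembers the per-session pieces the server handed out."""

    def __init__(self, now=time.time):
        self._sessions = {}  # session_id -> (nonce, user_id, issued_at)
        self._now = now

    def start_session(self, user_id):
        """Issue the server-chosen piece, different for every game session."""
        session_id = secrets.token_hex(8)
        nonce = secrets.token_hex(16)
        self._sessions[session_id] = (nonce, str(user_id), self._now())
        return session_id, nonce

    def verify(self, session_id, score, digest):
        """Recompute the digest from stored pieces and compare."""
        # pop() makes every session single-use: a replayed submission, or a
        # second guess after a failed one, finds nothing to check against.
        entry = self._sessions.pop(session_id, None)
        if entry is None:
            return False
        nonce, user_id, issued_at = entry
        if self._now() - issued_at > NONCE_TTL:
            return False
        expected = compute_digest(nonce, user_id, score)
        # constant-time comparison of the two hex strings
        return hmac.compare_digest(expected.encode(), str(digest).encode())
```

This stops replayed and cross-session submissions; as the reply says, it does not stop someone who has recovered the embedded secret from the decompiled swf.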
