On-line gambling applications are possible where single transactions are
worth significant amounts of money.
You need to think very carefully about the design and be sure that the
server can validate the score independently of the client.
One possible line of thinking is to send the server regular progress
indications and validate the users path through the game. The next
transaction not only has to be valid in itself but also has to be valid
in terms of all previous transactions. If the sequence of progress
points gets broken, then you refuse to accept the final score. This is a
simple state engine on the server.
Keeping part of the game logic on the server is the best way to ensure
that access to the client code is not enough to break the game. ie. send
a transaction to the server and get back the outcome, mark the result on
the server and let the client setup the game to the state returned by
the server for the next interaction. This way, a fake client can not
simply send a sequence of transactions. You can also enforce a minimum
amount of time between transactions and steer someone to a dead end
position if they play too fast (ie use an automatic transaction
generation system).
If the user already has a winning path through the game and has recorded
how to do it, you may get a lot of high scores from 1 person. That is
another problem. If you randomize the outcomes on the server side, you
can make sure that each game must follow a different path.
Just as every security measure has a successful hack, every hack can be
countered. Welcome to the battleground.
Vigilance is one of the big expenses in real casinos. The best on-line
gaming companies recognize that they always have to be looking for
evidence of new hacks, for gamers finding new way to collude and for all
kinds of fraud that they have not foreseen.
Ron
Tjeerd Boerman wrote:
Hey, Thanks for your response
So you are saying I can't start a serious ladder for these games, with
reasonable amounts of security?
PS: I'm not following a flash course here, thats for sure ;)
Greets,
Tjeerd
Weyert de Boer wrote:
Hi Tjeerd,
Never period, as long you have access to the files in use by the game
or any applications. You can cheat period. Sometimes it's harder to
get around... I would expect you have learned all the tricks in
Enschede!
Yours,
Weyert de Boer
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
