Ah I see - thanks Glen. For this particular project, there would be very little benefit in cheating as there is no prize. However it certainly sounds like something I will use on my other game projects.
Thanks for your time writing out the explanation. Cheers Paul -----Original Message----- From: flashcoders-boun...@chattyfig.figleaf.com [mailto:flashcoders-boun...@chattyfig.figleaf.com] On Behalf Of Glen Pike Sent: 22 April 2009 15:27 To: Flash Coders List Subject: Re: [Flashcoders] Feasibility of xml file for high score data storage Hi, The public / private key thing is just about "encrypting" some of the score data that you pass to the server to stop people cheating your high score tables. for example, if your high score system in PHP uses a GET / POST something like this: scores.php?name=Glen&score=500 It's easy for me to cheat... But if you do (pseudo code): var key:String = "mysecretkey"; var encrypted:String = MyEncryptClass.encrypt("name=Glen&score=500", key); var result:Boolean = MyServer.sendScore(encrypted); And it does something like this: scores.php?command=submit&encrypted=asdiou23q890czoued9auc0 You can then use the server key to decrypt your message. (Public & Private keys are about "asymmetrical" encryption) Anyway, the idea is to make it harder for people to cheat - as the "data" is not very sensitive, you can go for a simple encryption option where you store the key in the SWF, which means that people can still decompile your Flash file and find out the key, but only the most dedicated of cheaters would do that... If you really want to go to town, you are probably going to have to create some kind of "login" for people to play the game / submit high scores, but to be honest, you can just go for simple score encryption - look at Jobe's stuff again - if your game does not have any kind of prize... You can get some AS3 / AS2 code that handles encryption which can be decrypted with functions in PHP. I have some links at home I can post later if you like.. Glen Paul Steven wrote: > Thanks for the reply Anthony. > > Can you elaborate on the public private key system and what this entails? I > have not heard that term before. > > Thanks > > Paul > > -----Original Message----- > From: flashcoders-boun...@chattyfig.figleaf.com > [mailto:flashcoders-boun...@chattyfig.figleaf.com] On Behalf Of Anthony Pace > Sent: 22 April 2009 14:25 > To: Flash Coders List > Subject: Re: [Flashcoders] Feasibility of xml file for high score data > storage > > Hello Paul, > > Making good use of a que would be required for writing to the file > without errors, so a database is the best and easiest way; as well, for > high scores, you might want to use a public private key system for > preventing xss exploits, as anyone that knows how to intercept and edit > the get or post data will be able to screw with the request to the > server, and you could end up with a hundred people having the best score > that the column in the DB will allow. > > Take care, > Anthony > > Glen Pike wrote: > >> Not working for Cornwall County Council by any chance??? :) >> >> Paul Steven wrote: >> >>> Thanks Glen and Ian >>> >>> Yes I am currently using a mysql database while the high scores are >>> hosted >>> on my site. The game is for a rather large organisation so it is not the >>> easiest task in the world getting a database set up at their end. The >>> mention of flash alone was enough to cause major panic so you can >>> imagine >>> the fear when I mentioned the need to upload php files to their server:) >>> >>> Cheers >>> >>> Paul >>> >>> -----Original Message----- >>> From: flashcoders-boun...@chattyfig.figleaf.com >>> [mailto:flashcoders-boun...@chattyfig.figleaf.com] On Behalf Of Glen >>> Pike >>> Sent: 22 April 2009 12:15 >>> To: Flash Coders List >>> Subject: Re: [Flashcoders] Feasibility of xml file for high score data >>> storage >>> >>> I am guessing that any server side code to update the XML file will >>> rely on the server to "lock" files, etc. >>> Databases are often optimised to allow for multiple "clients" to >>> update, but most file based commands will lock the file preventing >>> access by other "clients" so if your code throws a wobbly rather than >>> waiting, that could be a problem... >>> >>> Saying that, you could look at using SQLLite for example - this uses >>> a file based database, but your SQLLite "engine" will handle all of >>> the access - a lot of PHP installations come with this nowadays and >>> ASP code also uses ADOBC to connect to Access database files so you >>> will have a similar system. >>> >>> The upshot is that using a server side database engine will make life >>> easier because they will deal with problems like concurrent >>> connections for you :) >>> >>> Glen >>> >>> Paul Steven wrote: >>> >>> >>>> I was considering using an xml file to store high score data for a >>>> game. >>>> >>>> >>> It >>> >>> >>>> is quite possible that this game will have a significant amount of >>>> traffic >>>> (certainly in the first few days after launch) and I am now >>>> wondering if >>>> >>>> >>> an >>> >>> >>>> xml file would be suitable. I am not sure what happens in the scenario >>>> >>>> >>> where >>> >>> >>>> multiple players want to update the highscore at the same time - >>>> they will >>>> all need to write to the file. I assume this is the same scenario >>>> with a >>>> database but think perhaps updating a database is more efficient. >>>> >>>> Anyone care to offer any insight into whether an xml file would be >>>> >>>> >>> suitable >>> >>> >>>> or not? >>>> Thanks >>>> >>>> Paul >>>> >>>> _______________________________________________ >>>> Flashcoders mailing list >>>> Flashcoders@chattyfig.figleaf.com >>>> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders >>>> >>>> >>>> >>>> >>> _______________________________________________ >>> Flashcoders mailing list >>> Flashcoders@chattyfig.figleaf.com >>> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders >>> >>> _______________________________________________ >>> Flashcoders mailing list >>> Flashcoders@chattyfig.figleaf.com >>> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders >>> >>> >>> >>> >> _______________________________________________ >> Flashcoders mailing list >> Flashcoders@chattyfig.figleaf.com >> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders >> >> > _______________________________________________ > Flashcoders mailing list > Flashcoders@chattyfig.figleaf.com > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > > _______________________________________________ > Flashcoders mailing list > Flashcoders@chattyfig.figleaf.com > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > > > _______________________________________________ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders _______________________________________________ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders