Thank you everybody for your replies.
They are very useful to see how to approach
this issue.
In our case we can't keep the state 100% in the server,
because we have action single player games, with lots
of users. Sending the state continuously would mean
too much traffic.
But I think we can use
> if anyone uses decompilers/http request.. will see .../script.php?
> foo1=1&foo2=2 but I have a little surprise in php:
If you use a recording HTTP proxy or packet sniffer, you will see (and can
modify) the entire HTTP request, not just the first line.
> 2. extra check in php - make sure script
This isn't even open for debate.
If you don't run your logic on the server, you have zero security.
End of story.
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
On Jun 18, 2008, at 12:25 PM, Ricky Bacon wrote:
Security through obscurity is not a very good idea. You also still
have the problem of someone decompiling the swf and modifying it to
their needs.
If Flash Media Server 3 is being used, for a very nice level of
protection it can hash the
[EMAIL PROTECTED] wrote:
yes and no
2. extra check in php - make sure script is called from swf and not from
browser. you can add some ip ban script for those who try.
And I can spoof the headers... ;)
If you give someone access to game logic on the client, they can hack it.
-Ricky
___
yes and no
solution comes in 2 parts:
1. use loadvariables
loadVariables(.../script.php?foo1=1&foo2=2, this, "POST")
this is something: when u use loadvariables... flash will send all
_root variables too... so php will receive foo1, foo2 and all variables
that reside in _root ... with loadva
[EMAIL PROTECTED] wrote:
this might help you:
http://cosmincimpoi.blogspot.com/2007/09/loadvariables-security-by-built-in.html#links
Security through obscurity is not a very good idea. You also still have
the problem of someone decompiling the swf and modifying it to their needs.
-Ricky
__
this might help you:
http://cosmincimpoi.blogspot.com/2007/09/loadvariables-security-by-built-in.html#links
email me for details
On Jun 18, 2008, at 4:19 PM, Abe Pazos wrote:
Does anyone know documentation explaining
how to secure Flash client / Server communication?
Imagine you have a Fl
Abe Pazos wrote:
How does it work in online casinos? I guess the result
is probably calculated before it happens on server side,
so you just see a representation. This is possible in cases
where the input are some numbers, and the result is
calculated from that input. But this involves no real
us