Thanks for the presentation.

I have a question that is related, but along different lines.  I have
a flash game that saves high scores to the server and I want to
prevent high scores from being forged.

Initially the scores were sent as a simple post request, e.g.
name=john&score=1000.  This is a problem because it is trivial to
forge the request.  So my solution was to create the post request as
follows:

name=john&score=1000&checksum= . md5(md5("My secret") . name . score)

On the server side, I can verify the checksum.

This works well enough, but an enterprising hacker can download my swf
file and run `strings game.swf` to extract "My secret", and then they
can forge the request. Is there any cryptography method that
guarantees the request is coming from my code?


Thanks,
John Campbell
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
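
An added example, not part of the original post: the server-side check for the checksum described in the message, beside an HMAC variant with explicit field boundaries. The function names, the sample request and the `SECRET` constant are assumptions made for illustration.

```php
<?php
// Added example. SECRET and all function names are constructed for illustration.
const SECRET = 'My secret'; // the same string that ships inside the SWF

// Checksum as described in the post: md5(md5(secret) . name . score)
function post_checksum(string $name, string $score): string {
    return md5(md5(SECRET) . $name . $score);
}

// Alternative tag: HMAC-SHA256 over fields encoded with explicit boundaries.
function hmac_checksum(string $name, string $score): string {
    $msg = http_build_query(['name' => $name, 'score' => $score]);
    return hash_hmac('sha256', $msg, SECRET);
}

// Server-side check: validate types, then compare in constant time.
function verify(callable $scheme, array $post): bool {
    foreach (['name', 'score', 'checksum'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return false;
        }
    }
    if (!ctype_digit($post['score'])) {
        return false;
    }
    return hash_equals($scheme($post['name'], $post['score']), $post['checksum']);
}

// Constructed sample request, as the game would send it.
$req = ['name' => 'john', 'score' => '1000'];
$req['checksum'] = post_checksum($req['name'], $req['score']);
var_dump(verify('post_checksum', $req));

// "john" . "1000" and "john1" . "000" are the same bytes, so the post's
// checksum does not bind the tag to the field boundaries.
$moved = ['name' => 'john1', 'score' => '000', 'checksum' => $req['checksum']];
var_dump(verify('post_checksum', $moved));

// The HMAC variant covers "name=john&score=1000", so moved boundaries fail.
$moved['checksum'] = hmac_checksum('john', '1000');
var_dump(verify('hmac_checksum', $moved));

// Either tag only proves knowledge of SECRET. The server cannot tell the game
// apart from any other program holding the same string.
```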
