> Yes there is, John, but you may need to seriously consider whether
> implementation is worth it.
>
> You can use a public/private key pair to perform asymmetric
> encryption. That means that a value encrypted using one key can only
> be decrypted using the other. This is the encryption scheme used for
> SSL, where your browser uses the server's public key (aka Certificate)
> to encrypt the request.
>
> So you would use the game's public key to encrypt hash-of-score:random
> on the client side. And then on the server, you would use the game's
> private key to decrypt the value and check the hash.
>
> Your tasks, should you choose to go this route, are to find an RSA
> implementation in ActionScript to perform the encryption, and to use
> PHP's OpenSSL support to perform the decryption. I'm pretty sure the
> first task is going to be tougher than the second unless Adobe
> provides an api in the Flash player.
>
I don't follow how this is any better than what I have now? The public key is still stored in the swf, and there is nothing that prevents the key from being extracted from the swf and the request can still be forged. This seems to just be better obfuscation.

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
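
Added example (not part of the original message or thread): a PHP sketch of the server-side check proposed in the quoted text, showing that it accepts a token from any party that holds the public key, which is the point the reply raises. The message layout (score sent in the clear, token = encrypted `sha256(score):nonce`), the use of SHA-256 and OAEP padding, and all function and variable names are assumptions.

```php
<?php
// Added example, not code from the thread.
// Assumed layout: the client sends the score in the clear plus
// token = RSA_encrypt(publicKey, sha256(score) . ':' . nonce).

// Constructed key pair standing in for "the game's" keys.
$key = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
$publicPem = openssl_pkey_get_details($key)['key']; // the part that ships in the client

// Everything needed to build a token is the public key and the score.
function make_token(string $publicPem, int $score): string
{
    $plain = hash('sha256', (string) $score) . ':' . bin2hex(random_bytes(8));
    if (!openssl_public_encrypt($plain, $token, $publicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encryption failed');
    }
    return $token;
}

// Server-side check as described in the quoted proposal:
// decrypt with the private key, then compare the hash to the submitted score.
function server_accepts($privateKey, int $score, string $token): bool
{
    if (!openssl_private_decrypt($token, $plain, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        return false;
    }
    [$hash] = explode(':', $plain, 2);
    return hash_equals(hash('sha256', (string) $score), $hash);
}

// Token built by the real client for the score it actually observed.
$fromGame = make_token($publicPem, 1200);
// Token built by some other program that only holds the same public key.
$fromElsewhere = make_token($publicPem, 999999);

// The server has no input that distinguishes the two senders.
var_dump(server_accepts($key, 1200, $fromGame));
var_dump(server_accepts($key, 999999, $fromElsewhere));
// A score altered after the token was built no longer matches its hash.
var_dump(server_accepts($key, 5000, $fromGame));
```

Public-key encryption here gives confidentiality toward the server and detects a score changed in transit, but it does not authenticate the sender, so score plausibility has to be validated server-side.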
