Due to the nature of Flash, someone will always be able to reverse
engineer the code.
So how about this (if it doesn't slow things down too much):
When the game loads up, have the Flash program connect to the server and
provide it with some information (how about hashing the IP address,
username, and current score in some manner with a secret key).
So now you have some session information on the user: their username,
their IP address, and a score. In return, the server provides the client
with a new secret key.
Every 2 minutes, connect to the server again and provide the IP address,
username, and current score and a hash with the new key.
When the game is over, connect to the server and post the information a
final time: IP address, username, and current score, the hash, and the
status code (completed).
So now you have a sequence of records:
1.1.1.1 Gary 0 Hash: xxx newkey: abc
1.1.1.1 Gary 1000 Hash: xxx newkey: bcd
1.1.1.1 Gary 50000 Hash: xxx newkey: bcd
1.1.1.1 Gary 500000 Hash: xxx - final score
So you only accept a final score that has a history behind it. To
"repeat" the attack the hacker needs to run a new sequence of inputs.
So at best, for a game you know takes at least 10 minutes, he can only
submit 1 high score every 10 minutes.
Then if someone complains of cheating, you have logs to go through and
see if something jumps out, and how to change your final score
acceptance algorithm to accommodate.
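The server side of the check-in scheme described in the message above, as an added example that is not code from the original post. HMAC-SHA256 as the keyed hash, the `ScoreSession` class, the `BOOTSTRAP_KEY` shipped in the client, the non-decreasing-score rule and the 600-second minimum are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MIN_GAME_SECONDS = 600                 # assumed: the post's "at least 10 minutes" game
BOOTSTRAP_KEY = b"shipped-in-client"   # constructed value; recoverable from the client


def tag(key, ip, user, score):
    """Keyed hash (HMAC-SHA256, our choice) over the fields the post lists."""
    msg = "|".join([ip, user, str(score)]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ScoreSession:
    """Server-side record of one game: rolling key plus check-in history."""

    def __init__(self, ip, user):
        self.ip, self.user = ip, user
        self.key = BOOTSTRAP_KEY
        self.history = []      # (timestamp, score) for each accepted check-in
        self.closed = False

    def check_in(self, ip, user, score, mac, now):
        """Verify one check-in; return the next key, or None if rejected."""
        if self.closed or (ip, user) != (self.ip, self.user):
            return None
        if not hmac.compare_digest(tag(self.key, ip, user, score), mac):
            return None        # wrong key, replayed record or altered score
        if self.history and score < self.history[-1][1]:
            return None        # assumed rule: scores never decrease
        self.history.append((now, score))
        self.key = secrets.token_bytes(16)   # the previous key is now useless
        return self.key

    def finish(self, ip, user, score, mac, now):
        """Accept a final score only with a verified history behind it."""
        if not self.history or now - self.history[0][0] < MIN_GAME_SECONDS:
            return False       # no history, or faster than the game can be played
        if self.check_in(ip, user, score, mac, now) is None:
            return False
        self.closed = True     # status "completed": no further records accepted
        return True
```

The stored `history` list is the log the message suggests reviewing when someone complains of cheating.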