I am currently working with a friend in a flash game. He wants to insert ratings into the database when the player finishes the game. He uses this tutorial for flash - http://www.tizag.com/flashTutorial/flashforms.php . The swf he made works fine - he publishes the data. The problem is that I see a request from firebug. This opens up another problem: any more advanced user can insert their own account without playing the game ...
So is there a way to hide requests made from a flash game? What will be the correct approach to this problem?
, . , Firebug Live HTTP Headers , -, Wireshark . . , , base64_encode(), , (, , ), MD5. , 5 , . , ( , ), MD5 , . , , :
. . , -. , , , , , . , , , , , 60 . Adobe Flash Player , , , .
, , , , , . , : offuscation "" . , . , , . . .
, , . , - . , , , .
, AES, : http://www.lostinactionscript.com/blog/index.php/2009/11/29/aes-cryptography-for-actionscript-php/
PS: , , , -.
( , db), , , md5 . , POST score:12345, - score:12345&key:119c8901b84be882530d60a45539705f
score:12345
score:12345&key:119c8901b84be882530d60a45539705f
md5 12345_secret. , , md5(score+'_secret') == key
12345_secret
md5(score+'_secret') == key
, " " - . , . (, ) , . , , " ".
, . , , .
: . , , . , .
, . , , , - , , .
, . , , , . , , , . ... .
- . , , . . , , . , , , . .
, , . : , , .;)
, /, , :
, . , , , .
- . , POST... .
, . ..
Make the client as stupid as possible ... make the server authoritative.
If someone sends an absolutely invalid score, deny that IP address and / or user account.
Pray that your game is not very popular among hackers.
you can use amfphp , this will hide your request.