Points (PTS) in flash game
Asked Answered
C

2

0

A friend to me made a flash game for my website. The game makes a request to /game/p00ints.php with the points in $_POST['points'].

But, a hacker can easy find out how to get more points I guess, so, how can my friend or I fix this security hole?

Best regards,

Erik Persson

Caleb answered 2/5, 2010 at 22:3 Comment(0)
P
1

The way to fix this is have all the point calculation on the server and have the client send raw input (e.g. hold left arrow key 1 second, enter key press, hold left mouse button 2 seconds, etc.). Even then, attackers can still write bots to bypass your flash client (but the bots will have to send raw input). I understand implementing this is complex, but I think this is the most secure solution.

Adding a private key to the flash file may be enough of an obstacle for a casual game. However, it provides no real security, because someone can easily decompile the SWF.

Pedant answered 2/5, 2010 at 22:17 Comment(0)
Y
1

Quick solution - add some checksum as a second parameter, for example md5("secretword"+md5(points)). It will make hacker's life harder and hopefully they won't bother.

I don't think there is absolute 100% secure solution as flash can be decompiled.

Yama answered 2/5, 2010 at 22:19 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.