Given a client-side game (let's call it game X) and a server-side database that stores the high scores, how can I, after the end condition of the game, securely submit a high score to the server in a way that can only be done if the game was actually played (thus to prevent post hijacking)?
Given this problem set, here are a few ideas I have been thinking about:
** Upon the game start, send a session ID that expires after a given amount of time to be sent to the server for verification.
The problem is that this could be easily exploited by requesting the start ID and then just forging the score.
** Checkpoints within the game that post to the server to verify the person is actually playing the game.
Again, this could be synthesized with some crafty scripting.
Upload a replay of the game and verify the score from that replay on the server. Of course this works only if your game supports replays.
At minimum, create a rough log of what’s happening in-game and apply some plausibility checks.
You should also add some in-game consistency checks. Else I’ll just use a tool like ArtMoney and change the score during the game.
But in the end, if the user writes a bot, it gets really hard.
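
The replay approach suggested in the answer above, as an added example that is not part of the original post: the server issues a seed at game start, the client uploads only its inputs, and the server re-runs the game to compute the score itself. The toy game rules, `seededRandom`, `simulate`, `verifySubmission` and all field names are assumptions for illustration.

```javascript
// Added example: hypothetical 1-D "catch" game re-simulated on the server.
// Game rules, names and limits are assumptions for illustration.
const WIDTH = 10, MAX_TICKS = 600;

// Small seeded PRNG (mulberry32-style) so client and server see the same targets.
function seededRandom(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Replays the uploaded inputs; returns the score, or null if the replay is implausible.
function simulate(seed, moves) {
  if (!Array.isArray(moves) || moves.length > MAX_TICKS) return null;
  const rand = seededRandom(seed);
  let x = 0, score = 0;
  for (const m of moves) {
    if (m !== -1 && m !== 0 && m !== 1) return null; // consistency check: one step per tick
    x = Math.min(WIDTH - 1, Math.max(0, x + m));
    if (x === Math.floor(rand() * WIDTH)) score += 1; // caught this tick's target
  }
  return score;
}

// sessions: Map of sessionId -> { seed, used }, filled when the server starts a game.
function verifySubmission(sessions, sessionId, moves, claimedScore) {
  const s = sessions.get(sessionId);
  if (!s || s.used) return { ok: false, reason: "unknown or reused session" };
  s.used = true; // one submission per issued seed
  const score = simulate(s.seed, moves);
  if (score === null) return { ok: false, reason: "implausible replay" };
  if (score !== claimedScore) return { ok: false, reason: "score mismatch" };
  return { ok: true, score }; // store the recomputed score, never the claimed one
}

// Constructed sample session and replay; the claimed score is forged.
const demoSessions = new Map([["demo", { seed: 1234, used: false }]]);
const demoMoves = [1, 1, 0, -1, 1, 1, 0, 0];
console.log(verifySubmission(demoSessions, "demo", demoMoves, 9999));
```

Memory editing of the score no longer helps here because the client's score is only compared, not stored; a bot that produces legal inputs still passes, which is the limit the answer points out.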