I have a Flash application (a game) and it needs to pass data to a PHP page to save the user and the user’s score. However, I don’t want the user to be able to alter the score him/herself or to initiate a scoring without using the application.
What is the best way to do this?
If the client (i.e. Flash) is keeping track of/generating the score, there is no secure way for you to send the score to the server. Whatever the SWF file can do, an attacker can also imitate.
The only secure way is to send each user move or action to the server. The server is responsible for the state of the game and maintaining the score; the client just generates the moves.
With such an approach, an attacker cannot manipulate the score. He can still bypass your SWF file, but to get a high score he still has to make the right moves. The attacker can make a bot to make the moves intelligently; to avoid that you can only use security by obscurity.
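A minimal sketch of the server-authoritative approach described in this answer, as an added example that is not part of the original answer. The 5x5 coin game, its rules and all function names are assumptions; in a real PHP page the state would be kept in the session rather than in a local variable.

```php
<?php
declare(strict_types=1);

// Hypothetical game: the player walks a 5x5 grid and each coin is worth 10 points.
// The server creates and owns this state; the client never sends a score.
const SIZE = 5;
const STEPS = ['U' => [0, -1], 'D' => [0, 1], 'L' => [-1, 0], 'R' => [1, 0]];

function newGame(): array
{
    return [
        'x' => 0, 'y' => 0, 'score' => 0, 'moves' => 0,
        'coins' => ['2,0' => true, '2,2' => true, '4,4' => true], // constructed layout
    ];
}

// Apply one client move to server-held state. Anything that is not a legal
// move is rejected, so the score can only change through the game rules.
function applyMove(array $state, $move): array
{
    if (!is_string($move) || !array_key_exists($move, STEPS)) {
        throw new InvalidArgumentException('unknown move');
    }
    [$dx, $dy] = STEPS[$move];
    $x = $state['x'] + $dx;
    $y = $state['y'] + $dy;
    if ($x < 0 || $y < 0 || $x >= SIZE || $y >= SIZE) {
        throw new InvalidArgumentException('move leaves the board');
    }
    $state['x'] = $x;
    $state['y'] = $y;
    $state['moves']++;
    $key = "$x,$y";
    if (isset($state['coins'][$key])) {
        unset($state['coins'][$key]); // a coin can be collected only once
        $state['score'] += 10;
    }
    return $state;
}

// Constructed request bodies: legal moves, one carrying a forged "score"
// field, and one illegal move, as a client bypassing the SWF might send.
$requests = [['move' => 'R'], ['move' => 'R'], ['move' => 'R', 'score' => 999999], ['move' => 'U']];
$state = newGame();
foreach ($requests as $req) {
    try {
        $state = applyMove($state, $req['move'] ?? null); // only 'move' is ever read
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$e->getMessage()}\n";
    }
}
echo "score={$state['score']} moves={$state['moves']}\n";
```

The forged `score` field has no effect because the server derives the score only from validated moves, and the out-of-bounds move is rejected without changing state.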