Home/ Questions/Q 6827771
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T22:18:15+00:00

I’m making a simple game with Java / .net as client and using php

  • 0

I’m making a simple game with Java / .net as client and using php webserver.

Now when someone finishes the level, quit or starts a new game the client sends information on a php Page that stores them in a mysql database.

Now i wouldnt that the users cheat.
To use the game client you need a username and password.

The client sends the number of times that they played the game, which player has defeated, how much points earned. So if i send clear information someone with a sniffer could see which php page I call and copy the information a send to the webserver.

So what’s the best security/check system in this case?
I was thinking about use any crypt system that i usable in java vb.net c# and php (like des , md5) but I would like to know if this is the better solution or not.

Update The clients dont use The Web Browser to comunicate with the WebServer. It’s WinForm application for example that call php pages to get information and to update data on Mysql DB
Thanks a lot

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Some things you should know before continuing:

    1. Everything that is on the client browser can be inspected. This includes all calls you make back to your database server. Encryption doesn’t matter for this because, obviously, your javascript code will be the part encrypting/decrypting the data. Javascript can easily be looked at to get the keys.

    2. Even Flash etc can be decompiled by those willing to spend the few minutes working it out.

    3. Don’t wait until they have completed all of their games to send info to your database. Do so as the actions occur.

    4. You can only make it a little hard, not impossible, to cheat when using javascript as the game engine in your browser. By “a little hard” I mean it might take an hour for someone with even halfway decent programming skills to defeat… most likely much less.

    5. Regarding sniffers. It doesn’t matter if your site is SSL enabled or not. This only protects the information once it leaves the computer. It is not going to do anything about a sniffer located on the client machine.

    To sum up: your only real defense here is to make cheating something that is not worth anyone’s time to do.

    • 0