[Plugin] ajaxPost

Probably nice

Ajax is still over my head ^^

Worked. Thanks. I can finally get a login system working.

Propably with the CB Hash (MD5, SHA-1 and SHA-256)-Plugin.

Yes, it should be. As I understand the question - he asked only the encryption - e.g. post the "username"+"password" and store this encrypted string on the server.

The username and the score can send without encryption to store on the server. The client that uses the C2 game knows who he is ("username") and the app calculates the "score".

Second login: C2 encrypts username+passwort again --> send it to the server --> server: compares this string to the string stored before --> message success/fail to c2-client that wants to play

Suggestion:
If sending the username and the score unencrypted is to unsecure for you (-you can see the real-characters eg with wireshark ) - why not merge it in the encrypted string:
When the encrypted string for the
user "Joe7"+"joelspassword"
is --- "0123456789abcdef" ----
and the score is "20"
--> merge it in:
--- 01234567Joe789ab2cd0ef ---
and post this string. If you know the right positions of the characters you can pick them out

Edited by Joe7 - 22 Feb 2012 at 8:55am

Thank you Joe7 and Kyatric for your answer! :)

Yes, I thought about mixing your 2 solutions (CB hash & https) because I'm looking the way to protect the username, hash session of player and score.

But I'm still care about the fact the player (called hacker) could find a way to make some ajax call from javascript console (like firebug or chrome console or anothers tools) by finding my C2 javascript function (even minified) to make the same CB Hash and call it to send a high score to server manually...

Just like EdgeWorld's game, there are some tools to hack that game even if EdgeWorld is in https mode... :(

I'm not expert and don't know very well https, but I saw that every JS Client application use that way even if post data is not encrypted (just like iCloud.com do)

Do you think https could prevent that kind of attack?