AJAX Simple question

Ideas and discussion about publishing and distributing your games

Post » Tue Apr 12, 2016 6:14 pm

Hi,
I have one simple question : who can see my URL when I will publish my game ?

For example, I do request to : "www.mywebsite.com/Script.PHP?Variable1="&Variable1&"&Variable2="&Variable2
and my script sends Variable 1 and Variable 2 to my Mysql database. So anyone who know my URL can enter and send information to my database !

Thanks !
B
17
S
10
G
19
Posts: 140
Reputation: 11,457

Post » Tue Apr 12, 2016 6:55 pm

It's basically out in the open for everyone to see. If you know where to look it's about 2 key presses (dev tools, network tab).
Scirra Founder
B
387
S
230
G
88
Posts: 24,251
Reputation: 192,464

Post » Tue Apr 12, 2016 8:47 pm

Sorry, Ashley but I don't understand you. That mean everybody can be registred in my Mysql table without use my game ?
B
17
S
10
G
19
Posts: 140
Reputation: 11,457

Post » Tue Apr 12, 2016 9:08 pm

Yep!
Scirra Founder
B
387
S
230
G
88
Posts: 24,251
Reputation: 192,464

Post » Tue Apr 12, 2016 9:15 pm

There are many ways you can secure your connection. For instance add a "securityKey" as another parameter.

Create a key constant in C2 with some value just to salt the hashing. And do the same on your server side.

For instance:
hashingKey = "#$fdsf$%6YThfY^&%^&24wrw"
securityKey = sha1(username & hashingKey & something)

Send this security key to your server together with credentials. Now on the server side also create securityKey in the exactly same way and compare if it is equal to the one which came.

In that way even if someone knows the URL for registration he is not able to fake the securityKey so he can't do anything.
ImageImage
B
27
S
16
G
68
Posts: 946
Reputation: 38,601


Return to Distribution and Publishing

Who is online

Users browsing this forum: No registered users and 1 guest