guarantee secure within AJAX? - Online score

Get help using Construct 2

Post » Mon Mar 05, 2012 4:17 pm

Hello guys,

My question ISN'T 'how to make an online highscore'. This i know.
My question is: how to GUARANTEE that the score posted WAS REALLY posted by the game?

The best option (at least i think it is) is to send the score AND a checksum of this score, generated by sha1()+salt. I've requested the possibility to have sha1/md5 hashing methods on future versions of C2, and some1 answered me that there's already a plugin to do this (made by Kyatric). Ok, but the problem is that i can't upload a game to arcade using third-party plugins...

My concern is to some user just change the value sent (firebug, for example) and post a 99999999 score.
English is not my native language. Sorry for any mistakes and feel free to correct me if needed.
B
14
S
5
G
3
Posts: 110
Reputation: 3,225

Post » Tue Mar 06, 2012 10:45 pm

bump? :X
English is not my native language. Sorry for any mistakes and feel free to correct me if needed.
B
14
S
5
G
3
Posts: 110
Reputation: 3,225

Post » Tue Mar 06, 2012 10:52 pm

I don't think you can have a secure game if all the code resides in someone's browser.
B
10
S
5
G
1
Posts: 37
Reputation: 1,631

Post » Tue Mar 06, 2012 10:56 pm

Indeed twdead... But as the code is obfuscated and whatsoever, it's more difficult to change mechanics by changing javascript then just change a querystring, u see?

But who knows? maybe i'm just too concerned...
English is not my native language. Sorry for any mistakes and feel free to correct me if needed.
B
14
S
5
G
3
Posts: 110
Reputation: 3,225

Post » Tue Mar 06, 2012 11:07 pm

you're too concerned. I wouldn't waste time implementing complex checks, especially since people can modify your script's variables directly in the browser and fooling your game into doing that "checksum" for the cheated score.
Just check for the absurd: for instance, a player who played for 2 minutes cannot possibly have 99999999999999 score.Fimbul2012-03-06 23:08:47
B
35
S
8
G
8
Posts: 532
Reputation: 6,868


Return to How do I....?

Who is online

Users browsing this forum: heliogame and 23 guests