Improving security on the variables

Hello everyone, im developing some very good games with Construct for a while.

Now i have a problem, someone knows how to edit the score variable to submit a higher score value.

My score submit php is using a sha1 hmac hashing, so is more hard to hack, but by just editing the variables its easy for the game to encrypt that edited score and submit it.

How can i improve the security on score / life or any kind of variable ?

Thanks and have a nice day !

You could have the game sent more information along for php to check potential validity of your data.

for instance: units killed, time played, actions done, things aquired.

Information that could potentially back up the info from the score.

Or you could find some method other then numrical scores to transfer the total score.

Other then that there isnt much you can do really.

The code is obfuscated, so cheaters can't 'easily' determine which value means what.

Try not to store data in global variables, as their name will be visible in the minified code.

You can store your data in instance variable of a object (eg. an invisible global sprite). Instance variable names are changed during build, global variable names are not.

So, if you have global variable named "score", in your minified code you can search for that variable name.

If an object has a instance variable name called "score" (eg. "sprite.score"), it's name in the minified code will be something like "g.ba", so it'll be harder to find.

Also, you'll obviously need to improve your security more, you should never trust the client for any data it sends to you, global variable visible or not.