#1
Registered User
Join Date: Mar 2001
Location: Edinburgh, Scotland
Posts: 3
Hi all!
We have a Flash game which reads its 'high scores table' from a database via a PHP file. The problem is that people have managed to reverse-engineer the SWF, pull the path to the PHP file from it, and use it to pass bogus scores (via a browser, we think) to the PHP file, which obviously updates the database incorrectly. How do we check that the scores are being posted via the Flash file, as opposed to any other way, to authenticate them? I have taken the obvious measures to protect the SWF file, like not allowing debugging of the file and disabling importing, but I realise there are still ways round this. We thought about using the PHP to check the HTTP_REFERER; however, as we have tested it, IE does not seem to send this info as one of its environment variables. Any thoughts?
#2
Administrator
Join Date: Nov 2000
Location: Australia
Posts: 8,612
Hrmm, the problem is the fact that it can be reverse engineered. I know that sounds dumb but I was thinking:
"Why not construct the URL to the high-scores file dynamically, using text strings and things, that way it wouldn't be obvious what the URL was", but the problem is, using something like ActionScript Viewer, the culprits could just gather up the strings and combine them to figure out the URL themselves... How about using cookies?
Cheers
Jesse
__________________
Cheers
Jesse Stratford
ActionScript.org Cofounder
Email: presented in this way to stop spam-bots: My email is composed of my first name (jesse) followed by my last name (stratford) followed by @ followed by actionscript.org
Please don't email or PM me Flash questions, that's what the Forums are for!
Please don't rely on me reading my PMs either. Email me about important stuff.
#3
Registered User
There is a technique that can be used with ScoreKeeper that will cause HTTP_REFERER to get set. The only *possible* problem is that the scores output will be in a pop-up window.
http://www.k2w.f2s.com/software/
kory
#4
Registered User
Join Date: Jan 2001
Location: Scotland
Posts: 52
HTTP_REFERER is notoriously unreliable.
I think your best bet may be to use a session and quite simply check for the session cookie before the score is entered into the db; the only problem being that cookies can be faked.
HTH
george
chiefmonkey
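
One way to implement the session check suggested in the reply above (an added example, not code from anyone in the thread): the page that serves the game issues a one-time token bound to the PHP session, and the score script refuses any POST that lacks it or carries an implausible score. The function names, the two limits and the `token`/`score` field names are assumptions; `$session` stands in for `$_SESSION`.

```php
<?php
// Added example, not code from the thread. $session stands in for $_SESSION and
// $post for $_POST; all names and limits below are hypothetical.
const MAX_POINTS_PER_SECOND = 50;   // assumed game-specific ceiling
const MAX_GAME_SECONDS = 3600;      // assumed longest plausible game

// Called by the page that serves the game: binds one pending game to the session.
function issue_game_token(array &$session, int $now): string
{
    $session['game_token'] = bin2hex(random_bytes(16));
    $session['game_start'] = $now;
    return $session['game_token'];  // passed to the SWF when the page is rendered
}

// Called by the score script before it touches the database.
function accept_score(array &$session, array $post, int $now): bool
{
    $expected = $session['game_token'] ?? null;
    $started = $session['game_start'] ?? null;
    // One submission per issued token: consume it whatever the outcome.
    unset($session['game_token'], $session['game_start']);
    if (!is_string($expected) || !is_int($started)) {
        return false;  // no game was started in this session
    }
    $token = $post['token'] ?? '';
    if (!is_string($token) || !hash_equals($expected, $token)) {
        return false;  // token missing or not the one issued
    }
    $score = filter_var($post['score'] ?? null, FILTER_VALIDATE_INT);
    if ($score === false || $score < 0) {
        return false;  // not a non-negative integer
    }
    $elapsed = $now - $started;
    if ($elapsed < 1 || $elapsed > MAX_GAME_SECONDS) {
        return false;  // submitted instantly or long after the game began
    }
    return $score <= $elapsed * MAX_POINTS_PER_SECOND;  // plausibility bound
}

// Constructed requests for a CLI run; a real script would call session_start()
// and pass $_SESSION, $_POST and time().
$s = [];
$t = issue_game_token($s, 1000);
var_dump(accept_score($s, ['token' => $t, 'score' => '1200'], 1060));  // normal submission
var_dump(accept_score($s, ['token' => $t, 'score' => '1200'], 1061));  // same token replayed
$t = issue_game_token($s, 2000);
var_dump(accept_score($s, ['token' => $t, 'score' => '999999'], 2010)); // score above the bound
$none = [];
var_dump(accept_score($none, ['score' => '5000'], 3000));               // POST with no game session
```

The token is visible to anyone who loads the game page, so this rejects blind POSTs to the script and replays of an old request. The time-based bound is what limits a scripted client that fetches a token first.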