Security Basics mailing list archives

Re: Securing Flash Games.


From: Maciej Lisiewski <c2h5oh () poczta fm>
Date: Fri, 12 Dec 2008 04:47:20 +0100

> This is correct. It is about the scores and of course not to mention I
> do not want to have a let's say automated macro running that "players" can
> run so that it plays the flash game with a perfect score. But this is my
> last concern. The main concern is the score manipulation in the memory.

If the value is accessible by the user (and it is, since it is running client side) the only thing you can do is to make cheating more difficult.

To prevent results manipulation you have to:
- keep the score/character stats/anything else that the player might want to modify server side
- keep the score calculation server side as well - storing just values server side will give you very little protection if a cheater could just send an "increase score by 500" request to the server. A cheater will be able to monitor all the communications between the game and the server, so you can be pretty sure it will happen sooner rather than later.


> I want to thank you all for the fast answers. I will try to have most of
> the data running on the server side itself. This should be the best
> option. Although it will be a little bit slower, but we can accept that.

Do implement all that stuff client side as well - sure, calculations will be duplicated, but it will happen client side (no extra expenses for you) and will reduce lag. Just validate when needed.


Basically you will have to run all the relevant game logic server side, send all user actions (with precise timestamps - so the lag does not alter the results), process them, "keep the score" and verify if the data the user sent is valid when it is relevant to your services.

As for macros, just use an in-game captcha and remember: captcha does not equal those maddening distorted chars. A captcha is anything that would easily let you verify if you are dealing with a human, not a machine - anything that a human will be able to react to in an instant and that will be much trouble for a machine.


--
Maciej Lisiewski
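
One way to implement the server-side scoring described in the message above, as an added example that is not part of the original post: the client sends only timestamped actions and a claimed score, and the server replays the actions to compute the score itself. The rule table `POINTS`, the `MIN_GAP_MS` threshold, the function names and the log format are all assumptions made for illustration.

```python
# Added example: server-side replay of a client-submitted action log.
# POINTS, MIN_GAP_MS and the (timestamp_ms, action) format are assumptions.

POINTS = {"coin": 10, "enemy": 50, "bonus": 500}  # hypothetical scoring rules
MIN_GAP_MS = 100  # hypothetical shortest plausible gap between two actions


def replay_score(actions, session_start_ms, session_end_ms):
    """Recompute the score from (timestamp_ms, action) pairs.

    The client never sends a score delta, only what happened and when.
    Returns (score, problems); rejected actions add nothing to the score.
    """
    score, problems = 0, []
    last_ts = session_start_ms
    for i, (ts, name) in enumerate(actions):
        if name not in POINTS:
            problems.append(f"action {i}: unknown action {name!r}")
        elif ts < last_ts or ts > session_end_ms:
            problems.append(f"action {i}: timestamp {ts} out of order or outside session")
        elif i > 0 and ts - last_ts < MIN_GAP_MS:
            problems.append(f"action {i}: only {ts - last_ts} ms after previous action")
        else:
            score += POINTS[name]
            last_ts = ts
    return score, problems


def verify_submission(claimed_score, actions, session_start_ms, session_end_ms):
    """Return (accepted, server_score, problems) for one finished game."""
    score, problems = replay_score(actions, session_start_ms, session_end_ms)
    if not problems and claimed_score != score:
        problems = [f"claimed {claimed_score}, replay gives {score}"]
    return (not problems), score, problems


# Constructed sample logs, not captured from any real game.
HONEST = [(1000, "coin"), (1500, "enemy"), (2300, "coin")]
FORGED = [(1000, "bonus"), (1010, "bonus")]  # second bonus 10 ms after the first

if __name__ == "__main__":
    print(verify_submission(70, HONEST, 0, 5000))    # matches the replay
    print(verify_submission(570, HONEST, 0, 5000))   # score edited in memory
    print(verify_submission(1000, FORGED, 0, 5000))  # fabricated action log
```

The score the server stores is always the replayed value, so an edited in-memory score or an "increase score by 500" style request has nothing to act on.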

