WebApp Sec mailing list archives

securing web based game


From: "Tomas" <tomasg () extra lt>
Date: Sun, 22 Dec 2002 16:33:35 +0200

Hello.

Let's say there is a Shockwave or Java game on a website where players play
it and try to get as many points as they can. There is no authentication of
any kind, like accounts. My question would be what is the best way to
send the collected points to the server, and how to validate them and leave no
way for cheating (like sniffing and modifying the query which is sent to
the server, and the collected points in it).

One thing I came up with is to use unique session IDs and a secret
algorithm to generate a "validation string": the game takes the points and the
session ID and generates a "validation string", then sends it to the server
together with the points. The server uses the same algorithm and compares the
"validation string" received from the user with the generated one. If they
match, then it knows that the points are valid.

Any other ideas?


Tomas

P.S.
Sorry for bad English ;)
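
The scheme described in the message above, sketched from the server's side as an added example (not part of the original post, and not the poster's code). Assumptions: HMAC-SHA256 stands in for the "secret algorithm", session IDs are issued by the server and accepted once, and the names ScoreServer, make_validation_string, SHARED_KEY and demo are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: one key shared by the game client and the server. Anything shipped
# inside a client can be extracted, so this only raises the cost of tampering.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"


def make_validation_string(key: bytes, sid: str, points: int) -> str:
    """Validation string over session ID and points (HMAC-SHA256, hex)."""
    # Length-prefix the session ID so distinct (sid, points) pairs never collide.
    msg = f"{len(sid)}:{sid}:{points}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ScoreServer:
    """Issues one-time session IDs and checks submitted scores against them."""
    def __init__(self, key: bytes = SHARED_KEY):
        self._key = key
        self._open_sessions = set()  # session IDs issued but not yet used

    def start_session(self) -> str:
        sid = secrets.token_hex(16)
        self._open_sessions.add(sid)
        return sid

    def submit(self, sid: str, points: int, validation: str) -> bool:
        # Unknown or already-used session IDs are rejected (blocks replay).
        if sid not in self._open_sessions:
            return False
        expected = make_validation_string(self._key, sid, points)
        # Constant-time comparison; bytes so odd client input cannot raise.
        if not hmac.compare_digest(expected.encode(), validation.encode()):
            return False
        self._open_sessions.discard(sid)  # one score per session
        return True


def demo() -> dict:
    server = ScoreServer()
    sid = server.start_session()
    tag = make_validation_string(SHARED_KEY, sid, 1200)  # computed by the game
    return {
        "modified_points": server.submit(sid, 999999, tag),  # changed in transit
        "honest": server.submit(sid, 1200, tag),
        "replayed": server.submit(sid, 1200, tag),  # same request sent again
        "unknown_session": server.submit("0" * 32, 1200, tag),
    }
```

The check catches points altered in transit and replayed submissions; it does not stop a player who recovers the key from the downloaded game and computes a valid string for any score.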


