guarantee secure within AJAX? - Online score

0 favourites
  • 5 posts
From the Asset Store
Daily Rewards and Timed Rewards secure 24 hour timer
  • Hello guys,

    My question ISN'T 'how to make an online highscore'. This i know.

    My question is: how to GUARANTEE that the score posted WAS REALLY posted by the game?

    The best option (at least i think it is) is to send the score AND a checksum of this score, generated by sha1()+salt. I've requested the possibility to have sha1/md5 hashing methods on future versions of C2, and some1 answered me that there's already a plugin to do this (made by Kyatric). Ok, but the problem is that i can't upload a game to arcade using third-party plugins...

    My concern is to some user just change the value sent (firebug, for example) and post a 99999999 score.

  • bump? :X

  • I don't think you can have a secure game if all the code resides in someone's browser.

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • Indeed twdead... But as the code is obfuscated and whatsoever, it's more difficult to change mechanics by changing javascript then just change a querystring, u see?

    But who knows? maybe i'm just too concerned...

  • you're too concerned. I wouldn't waste time implementing complex checks, especially since people can modify your script's variables directly in the browser and fooling your game into doing that "checksum" for the cheated score.

    Just check for the absurd: for instance, a player who played for 2 minutes cannot possibly have 99999999999999 score.

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)