A Flash Developer Resource Site

Results 1 to 2 of 2

Thread: [Disc/Help] Securing High Scores / Misc Info

Threaded View

  1. 08-19-2008, 09:04 PM #1
    WesIsGood
    WesIsGood is offline
    Senior Member
    Join Date
    Mar 2008
    Posts
    301

    [Disc/Help] Securing High Scores / Misc Info

    I know there have been a few posts on Flash Kit regarding the security of high scores, etc, but the ones I found were all from a year and a half or more ago. I don't suspect that things have changed much since then, but I figured it wouldn't hurt to get some fresh perspectives. (Or maybe there's something in Flash 10 that could help out that I don't know about.)

    So what do you guys know about security? What is the best approach? Aside from putting all of the game logic on the server.

    I guess if you just start with the assumption that everything the client tells you is a lie, then it's not really possible to verify high scores without *some* amount of game logic on the server...

    If we simplify things and just pretend there's a function in the client's flash that's named "add1Point", and every time it's called a point is added, even if it's sent to the server every time, unless the server has some way to check whether or not a point *should* be added, the haxor can just keep calling the function over and over again.

    But if you have to include even a little bit of game logic on the server, there's no way to just set up a nice general security system that can handle all of your games, you have to specifically tailor a new system to every game, and that dog won't hunt.

    I suppose one relatively general system would be to simply record every action by the user and save it to the server, along with including a replay option in every game you make. That way if a score looks suspicious, you can load up the replay data and verify that the scores are the same... Wouldn't prevent bots, but preventing bots is way out of my league.

    EDIT: But then again, unless the game is completely deterministic, maybe the haxor can fake adding things to it... For example, one second he adds and then kills 5000 enemies. The replay would agree with him, if the adding enemy data was also fed in to it, even though it was obviously cheating. Now the only way I can think to get over that is to have any random changes to the game instigated by the server. And now you're getting the server involved in the gameplay again. I guess if the server seeds the random numbers in a game, that's as general as you could get with that...

    I don't know, just thinking out loud.

    Opinions/Ideas/Suggestions?
    Last edited by WesIsGood; 08-19-2008 at 09:09 PM.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules



Click Here to Expand Forum to Full Width

HTML5 Development Center