Java-Gaming.org Hi !
Featured games (81)
games approved by the League of Dukes
Games in Showcase (513)
Games in Android Showcase (119)
games submitted by our members
Games in WIP (576)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
   Home   Help   Search   Login   Register   
  Show Posts
Pages: [1]
1  Games Center / Archived Projects / Re: RGB (unfinished, my first Java project) on: 2010-10-25 15:05:34
It's excellent!

I think a polished re-write could gain cult-status. It's quirky, simple to learn, hard to master. With lot and lots of levels and perhaps a "level builder" included, this would be a blast - and something I'd probably pay a few bucks for.
2  Game Development / Newbie & Debugging Questions / Secure highscore submission over HTTP on: 2010-10-24 18:29:18
Hi all,

I'm new to this forum. It's great! (Well, so far I've mostly "used" the Showcase forum to find amuzing games to play:))

So here I have a problem, I would like your input on.

The setup:

A web server with PHP and a mysql database is used to collect player scores. Whenever a player has completed a game/level, the score is submitted to the server.

The problem:

Somewhat needy players are able to decompile the game and see what and how data is sent. Ie. http://blah.blah?score=123&player=JohnDoe. The players are then able to setup their own script that submits a score on a regular basis.

The attempted solution:

Add some checksum, ie. in the client do a MD5(score + "secret passphrase" + playername) and submit that as well: http://blah.blah?score=123&player=JohnDoe&checksum=14FSJHGFD45SA32lsGF2464GFD

- but that obviously just makes it slightly more difficult. One could make a "crazy checksum" with variables spread across all of the client, but it just takes a slightly more determined "hacker" to figure it out.

I've previously read suggestions like "do a replay of the game on the server, ie. submit all user actions" but that's also quite easy to figure out for a determined person.


So, how do you do it? Is it possible to achieve "good enough" security by using an obfuscator in Java? Switching to HTTPS is not a solution, as far as I can tell.

Any input would be greatly appreciated. I imagine it MUST be possible to avoid the decompilation somehow in Java. In Flash at least, the conclusion to this problem is sad: http://stackoverflow.com/questions/73947/what-is-the-best-way-to-stop-people-hacking-the-php-based-highscore-table-of-a-f

I hope for some good suggestions!

Best regards and thanks in advance,

adadad
Pages: [1]
 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

Longarmx (38 views)
2014-10-17 03:59:02

Norakomi (29 views)
2014-10-16 15:22:06

Norakomi (24 views)
2014-10-16 15:20:20

lcass (28 views)
2014-10-15 16:18:58

TehJavaDev (56 views)
2014-10-14 00:39:48

TehJavaDev (55 views)
2014-10-14 00:35:47

TehJavaDev (46 views)
2014-10-14 00:32:37

BurntPizza (64 views)
2014-10-11 23:24:42

BurntPizza (36 views)
2014-10-11 23:10:45

BurntPizza (78 views)
2014-10-11 22:30:10
Understanding relations between setOrigin, setScale and setPosition in libGdx
by mbabuskov
2014-10-09 22:35:00

Definite guide to supporting multiple device resolutions on Android (2014)
by mbabuskov
2014-10-02 22:36:02

List of Learning Resources
by Longor1996
2014-08-16 10:40:00

List of Learning Resources
by SilverTiger
2014-08-05 19:33:27

Resources for WIP games
by CogWheelz
2014-08-01 16:20:17

Resources for WIP games
by CogWheelz
2014-08-01 16:19:50

List of Learning Resources
by SilverTiger
2014-07-31 16:29:50

List of Learning Resources
by SilverTiger
2014-07-31 16:26:06
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!