  online Highscore  (Read 8959 times)
Offline CommanderKeith
« Reply #30 - Posted 2009-02-06 04:52:33 »

Cool thanks

Offline Orangy Tang



« Reply #31 - Posted 2009-02-06 09:51:01 »

So that the client does not have the password and database name. And then (somehow?!?!) you should check the score in the php script to stop someone from sending bogus scores or spamming the database with lots of scores...
Sending an encrypted version of the score, and/or a hash of the score (with salt!) will make it much harder for someone to fake a score submission by hand. And use POST instead of GET or you'll Break The Internet.

Of course this doesn't protect you from someone decompiling the client and jimmying the high score before it's sent, but it's better than nothing.

[ TriangularPixels.com - Play Growth Spurt, Rescue Squad and Snowman Village ] [ Rebirth - game resource library ]
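
An added example (not code from the thread or from any poster) of the server-side check for the salted, hashed submission described in Reply #31, written in Java for illustration. HMAC-SHA256, the one-time nonce used as the salt, the key and the field names are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added example: server-side check of a score submission tagged with a keyed hash. */
public class ScoreTagCheck {
    // Constructed sample key. The same key has to ship inside the client,
    // so anyone who decompiles the client can read it.
    static final byte[] KEY = "constructed-sample-key".getBytes(StandardCharsets.UTF_8);
    // One-time values ("salt") the server handed out and has not yet seen used.
    static final Set<String> openNonces = new HashSet<>();

    static byte[] tag(String nonce, String player, int score) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        // Length-prefix each field so ("ab","c") and ("a","bc") cannot produce the same message.
        String msg = nonce.length() + ":" + nonce + player.length() + ":" + player + score;
        return mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }

    /** Accept only a fresh server-issued nonce and a tag that matches the posted fields. */
    static boolean accept(String nonce, String player, int score, byte[] sentTag)
            throws GeneralSecurityException {
        if (!openNonces.remove(nonce)) return false;   // unknown or already used
        // MessageDigest.isEqual compares in constant time.
        return MessageDigest.isEqual(tag(nonce, player, score), sentTag);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        openNonces.add("n-1001");                      // server issues a nonce per game
        byte[] t1 = tag("n-1001", "player1", 1200);    // what an unmodified client sends
        System.out.println("edited score:    " + accept("n-1001", "player1", 999999, t1));
        openNonces.add("n-1002");
        byte[] t2 = tag("n-1002", "player1", 1200);
        System.out.println("honest post:     " + accept("n-1002", "player1", 1200, t2));
        System.out.println("same post again: " + accept("n-1002", "player1", 1200, t2));
    }
}
```

The check rejects hand-edited and repeated POST bodies, but the key lives in the client, so it does not stop a modified client.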
Offline Markus_Persson



« Reply #32 - Posted 2009-02-06 11:49:01 »

Quote from Orangy Tang:
Sending an encrypted version of the score, and/or a hash of the score (with salt!) will make it much harder for someone to fake a score submission by hand. And use POST instead of GET or you'll Break The Internet.

Of course this doesn't protect you from someone decompiling the client and jimmying the high score before it's sent, but it's better than nothing.

It'd take me about three minutes to crack that.

Play Minecraft!
Offline Orangy Tang



« Reply #33 - Posted 2009-02-06 11:59:31 »

Quote from Markus_Persson:
It'd take me about three minutes to crack that.

I'm sure you would :) but it's better than just sending the score as plain text.

Frankly I'm of the opinion that unless you can actually send a deterministic replay to the server that it can replay, everything is going to be easily circumvented by decompilation. The question is whether you feel it's worth your time to do it properly or whether you can get by with manual moderation.

[ TriangularPixels.com - Play Growth Spurt, Rescue Squad and Snowman Village ] [ Rebirth - game resource library ]
Offline h3ckboy




« Reply #34 - Posted 2009-02-06 12:28:12 »

teh freehostia is not free!!!!! tisyas must pay $10 to get a domain name. is there another way? aso i tried the condition thing and even if I amde it false it still appeared
Offline cylab




« Reply #35 - Posted 2009-02-06 13:46:07 »

Quote from h3ckboy:
teh freehostia is not free!!!!! tisyas must pay $10 to get a domain name. is there another way? aso i tried the condition thing and even if I amde it false it still appeared

Please at least try to write in a readable manner. One simple reread would have made it. It is just easier for us (especially the non-English speakers) to grasp what you want. Also it's more likely to get sensible answers.

Quote from http://www.catb.org/~esr/faqs/smart-questions.html#writewell:
Quote
We've found by experience that people who are careless and sloppy writers are usually also careless and sloppy at thinking and coding (often enough to bet on, anyway). Answering questions for careless and sloppy thinkers is not rewarding; we'd rather spend our time elsewhere.

This quote might be a preconception, but if you had actually tried to sign in Freehostia's "Chocolate" package, you would have found out that you can use a subdomain under freehostia.org for free.

Mathias - I Know What [you] Did Last Summer!
Offline Markus_Persson



« Reply #36 - Posted 2009-02-06 14:50:55 »

Quote from Orangy Tang:
Frankly I'm of the opinion that unless you can actually send a deterministic replay to the server that it can replay, everything is going to be easily circumvented by decompilation.

Agreed, in practice.

In theory, there are other, even more secure solutions.
For example, you could make the client just a video player, then run the ENTIRE GAME on the server, sending the rendered video of the game screen to the client, and sending back inputs to the server.
There are of course less silly variants derived from this thing, including the possibility of having clients verify each other. (While a client is playing, have it re-play a pending highscore entry. If more than, say, 50 clients with different IPs all end up claiming the same score for that entry, allow it.)

Play Minecraft!
Offline erikd



« Reply #37 - Posted 2009-02-10 14:09:48 »

Even replays can be faked.

I guess whether or not highscores are faked all depends on how bad people actually want to cheat. Announcing that cheaters are banned might help with that too.
Or writing a bad game ;)

Personally I never had problems with fake high scores (at least not that I'm aware of  persecutioncomplex), and I didn't have much security in the high score posting but did have quite a lot of visitors.
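
An added example (not code from the thread or from any poster) of the server-side replay check proposed in Reply #33: the server re-runs the submitted inputs against the seed it issued and accepts the score only if the simulation reproduces it. The toy game rules, the seed value and the tick cap are assumptions made for illustration.

```java
import java.util.Random;

/** Added example: server-side check of a submitted score by deterministic replay. */
public class ReplayVerifier {
    static final int MAX_TICKS = 10_000; // hypothetical cap: rejects oversized submissions
    static final int LANES = 3;

    /** Toy deterministic game: all randomness comes from the server-issued seed. */
    static int simulate(long seed, byte[] inputs) {
        // java.util.Random's algorithm is specified, so the same seed gives the same sequence.
        Random rng = new Random(seed);
        int score = 0, lives = 3;
        for (int tick = 0; tick < inputs.length && lives > 0; tick++) {
            int target = rng.nextInt(LANES);
            if (inputs[tick] < 0 || inputs[tick] >= LANES) {
                throw new IllegalArgumentException("illegal input at tick " + tick);
            }
            if (inputs[tick] == target) score += 10; else lives--;
        }
        return score;
    }

    /** Accept a score only if replaying the submitted inputs reproduces it. */
    static boolean verify(long issuedSeed, byte[] inputs, int claimedScore) {
        if (inputs == null || inputs.length > MAX_TICKS) return false;
        try {
            return simulate(issuedSeed, inputs) == claimedScore;
        } catch (IllegalArgumentException e) {
            return false; // inputs the real client could never produce
        }
    }

    public static void main(String[] args) {
        long seed = 42L; // constructed sample; a real server would issue a fresh seed per game
        byte[] honest = {0, 1, 2, 0, 1, 2, 0, 1};
        int real = simulate(seed, honest);
        System.out.println("honest submission accepted: " + verify(seed, honest, real));
        System.out.println("inflated score accepted:    " + verify(seed, honest, real + 1000));
        System.out.println("illegal input accepted:     " + verify(seed, new byte[] {7}, 0));
    }
}
```

The check proves only that some legal input sequence produces the score; inputs generated by a program rather than a player pass it too, which is the limit raised in Reply #37.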

Offline Hansdampf



« Reply #38 - Posted 2009-02-10 14:15:45 »

Quote from erikd:
Even replays can be faked.

I guess whether or not highscores are faked all depends on how bad people actually want to cheat. Announcing that cheaters are banned might help with that too.
Or writing a bad game ;)

Personally I never had problems with fake high scores (at least not that I'm aware of  persecutioncomplex), and I didn't have much security in the high score posting but did have quite a lot of visitors.

Just wanted to play cosmictrip.
You seem to have a problem with a Turkish hacker:
http://www.gagaplay.com/cosmictrip/index.html

edit: seems to be a 'script granny' who hacked more than 200.000 sites.

lots of sillystupid games: http://www.emaggame.com
Offline erikd



« Reply #39 - Posted 2009-02-10 18:08:38 »

Quote from Hansdampf:
Just wanted to play cosmictrip.
You seem to have a problem with a Turkish hacker:
http://www.gagaplay.com/cosmictrip/index.html

edit: seems to be a 'script granny' who hacked more than 200.000 sites.

Yes, I know...
It wasn't hacked through my highscore saving though :) (apparently it was hacked through another site running on the same server, running Joomla)

I haven't found the time to fix it yet.
Apparently the host's backup also didn't work, and my own PC with the latest version of the site was completely crashed just before the server got hacked :'(

Offline sunsett



« Reply #40 - Posted 2009-02-11 13:42:13 »

Reading this thread all I can say is WOW!

Looks like a lot of programmers need to think just a little about security in their development process...really....I'm just amazed.
Offline markmistry






« Reply #41 - Posted 2009-05-17 02:11:30 »

Hmmm.. security, so how do I know if I implemented my game correctly with my MySQL?
How does one go about testing something like that without inviting hackers?

When I first started writing my server side I had security in mind, so hopefully I won't have much trouble.
My clients don't communicate with the MySQL directly; they have to go through a Java application core server that acts as a messenger to MySQL. This is the same with my game servers.

If you know what question to ask, I will be able to answer it the way I understand.
Seeing as I am relatively inexperienced, I may not know all the correct Java terminology :D

What I want to know is how do you work out what determines who is the best regarding a fighting game?
Offline Mike



« Reply #42 - Posted 2009-05-17 07:13:31 »

Quote from markmistry:
How does one go about testing something like that without inviting hackers?

Think of the normal ways to go around security and try to make sure the base is covered. Once that is done, ask on a hacking forum if anyone has the knowledge to break your impenetrable website and you should get replies; hackers like a challenge ;)

My current game, Minecraft meets Farmville and goes online :)
State of Fortune | Discussion thread @ JGO