WebApp Sec mailing list archives
securing web based game
From: "Tomas" <tomasg () extra lt>
Date: Sun, 22 Dec 2002 16:33:35 +0200
Hello. Lets say there is a shockwave or java game on a website where players play it and try to get as many points as they can. There is no any kind of authentication, like accounts. My question would be what is the best way to send collected points to server and how to validate them and leave no way for cheating (like sniffing and modifying the query, which is sent to server, and collected points in it). One thing with which i came up is to use unique session IDs and a secret algorithm to generate "validation string": game takes points, session id and generate "validation string", then sends it to server together with points. Server uses same algorithm and compares received "validation string" from user with generated. If they match, then it knows that points are valid. any other ideas? Tomas P.S. Sorry for bad english ;)
Current thread:
- securing web based game Tomas (Dec 22)
- Re: securing web based game Adam [ckkl] (Dec 22)
- Re: securing web based game Adrian Wiesmann (Dec 22)
- Re: securing web based game Adam [ckkl] (Dec 22)
- Re: securing web based game Tomas (Dec 23)
- Re: securing web based game Tim Aranki (Dec 23)
- Re: securing web based game Adrian Wiesmann (Dec 22)
- Re: securing web based game Adam [ckkl] (Dec 22)