WebApp Sec mailing list archives
Re: securing web based game
From: "Adam [ckkl]" <ckkl () poczta wp pl>
Date: Sun, 22 Dec 2002 18:15:06 +0100
Hi Tomas,
One thing with which I came up is to use unique session IDs and a secret algorithm to generate "validation string": game takes points, session id and generate "validation string", then sends it to server together with points.
Server uses same algorithm and compares received "validation string" from user with generated. If they match, then it knows that points are valid.
IMHO if the algorithm is included in client-side code, then this solution is equal to INSECURE, because it's a matter of [rather short] time for reversers to break it, unless you use some sophisticated methods and anti-* tricks, but that's just a waste of time.
any other ideas?
let the server (instead of client) decide about the points
Just my 5 bolivars...
HTH
Best regards
Adam
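
Added example, not part of the original message: the "validation string" check from the quoted proposal next to a server-side scorer of the kind the reply recommends. HMAC-SHA256 with a client-embedded key stands in for the "secret algorithm", and the key, scoring rules and class names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 stands in for the "secret algorithm"; the key
# below is a constructed value that would ship inside the game client.
CLIENT_EMBEDDED_KEY = b"constructed-demo-key"

def validation_string(session_id: str, points: int) -> str:
    """Runs identically in the client and on the server."""
    msg = f"{session_id}:{points}".encode()
    return hmac.new(CLIENT_EMBEDDED_KEY, msg, hashlib.sha256).hexdigest()

def server_accepts(session_id: str, points: int, tag: str) -> bool:
    """Proposed check: proves knowledge of the algorithm, not how the
    points were earned, so any value the client tags will pass."""
    return hmac.compare_digest(validation_string(session_id, points), tag)

# Server-authoritative alternative: the client reports actions only and
# the server owns the rules, the state and the running score.
POINTS = {"small": 50, "large": 10}  # hypothetical scoring rules

class GameSession:
    def __init__(self, session_id: str, targets: dict):
        self.session_id = session_id
        self._targets = dict(targets)  # target_id -> kind, kept server-side
        self._hit = set()
        self.points = 0

    def apply_hit(self, target_id: str) -> bool:
        """Score a reported hit only if the target exists and is unhit."""
        kind = self._targets.get(target_id)
        if kind is None or target_id in self._hit:
            return False  # unknown or replayed action: no points
        self._hit.add(target_id)
        self.points += POINTS[kind]
        return True

    def max_points(self) -> int:
        """Upper bound the server can enforce for this session."""
        return sum(POINTS[k] for k in self._targets.values())
```

With the second design the client never submits a points value at all, so there is nothing for a "validation string" to protect.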