Points (PTS) in flash game

假如想象 提交于 2020-01-06 06:55:05

问题


A friend to me made a flash game for my website. The game makes a request to /game/p00ints.php with the points in $_POST['points'].

But, a hacker can easy find out how to get more points I guess, so, how can my friend or I fix this security hole?

Best regards,

Erik Persson


回答1:


The way to fix this is have all the point calculation on the server and have the client send raw input (e.g. hold left arrow key 1 second, enter key press, hold left mouse button 2 seconds, etc.). Even then, attackers can still write bots to bypass your flash client (but the bots will have to send raw input). I understand implementing this is complex, but I think this is the most secure solution.

Adding a private key to the flash file may be enough of an obstacle for a casual game. However, it provides no real security, because someone can easily decompile the SWF.




回答2:


Quick solution - add some checksum as a second parameter, for example md5("secretword"+md5(points)). It will make hacker's life harder and hopefully they won't bother.

I don't think there is absolute 100% secure solution as flash can be decompiled.



来源:https://stackoverflow.com/questions/2755190/points-pts-in-flash-game

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!