Hosting Provided By

securing web based game

From: Tomas <tomasg(at)extra.lt>
Date: Sun Dec 22 2002 - 09:33:35 EST

Hello.

Lets say there is a shockwave or java game on a website where players play it and try to get as many points as they can. There is no any kind of authentication, like accounts. My question would be what is the best way to send collected points to server and how to validate them and leave no way for cheating (like sniffing and modifying the query, which is sent to server, and collected points in it).

One thing with which i came up is to use unique session IDs and a secret algorithm to generate "validation string": game takes points, session id and generate "validation string", then sends it to server together with points. Server uses same algorithm and compares received "validation string" from user with generated. If they match, then it knows that points are valid.

any other ideas?

Tomas

P.S.
Sorry for bad english ;) Received on Sun Dec 22 11:19:54 2002

This message: [ Message body ]
Next message: Dawes, Rogan (ZA - Johannesburg): "Mangle available for download"
Previous message: H D Moore: "Re: post to bugtraq about "session fixation""
Next in thread: Adam [ckkl]: "Re: securing web based game"
Reply: Adam [ckkl]: "Re: securing web based game"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:46 EDT