I've written some Objective-C code to load some php code and access a mysql database on a remote server.
I don't remember how to make it impossible to submit a score using the PHP page without doing it from the game. I thought I had seen something about it on these forums:
Quote:
Originally Posted by smasher
True. Real encryption is out of the question, unless you want to deal with export restrictions (remember that question in the app upload screen about encryption?) But there are plenty of things you can do to increase security.
Just brainstorming:
(1) send a md5 hash if the name and score (plus a salt) along with the data, and check that hash on the server. if it doesn't match, don't post the score. That will defeat the casual cheater with a packet sniffer from creating random URLs.
(2) If you detect an attempt to post a fake score, allow it to be posted - but flag the record internally as a fake. Then remove it a random number of minutes later. Then disallow more entries from the IP. It'll be harder for a cracker to tell if their hack is working without immediate feedback.
|
Any suggestions on actually doing this?
I've seen the same MD5 generation code on several other websites, but I don't know how to read this in my PHP code.
The game sends the following data: Initials, Score, Country, DeviceID
Code:
This is goes in a header file:
@interface NSString (md5)
+ (NSString *) md5:(NSString *)str;
@end
And this goes in a source file:
#import <CommonCrypto/CommonDigest.h>
@implementation NSString (md5)
+ (NSString *) md5:(NSString *)str {
const char *cStr = [str UTF8String];
unsigned char result[16];
CC_MD5( cStr, strlen(cStr), result );
return [NSString stringWithFormat:
@"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",
result[0], result[1], result[2], result[3],
result[4], result[5], result[6], result[7],
result[8], result[9], result[10], result[11],
result[12], result[13], result[14], result[15]
];
}
@end
Thanks
Question about global high scores
Linear Mode
