And So I have farmville that's completely operate on the customer. No server interaction what so ever aside from installing the first scripts to experience the overall game. Anyway in the finish of the overall game I'd like for that client to transmit me back the scores that ought to be up-to-date within the server database. Now I have started to accept the truth that there's not a way on the planet I'm able to hide this from the hacker and send the scores unaltered. But I must know till what level can one customize the whole procedure that it virtually becomes pretty infeasible for that hacker manipulate the information that is being sent. Without a doubt I'd nothing like the score to become sent as plain text from client machine and I'm not going my server to do complex decryption formula. What's the easiest way hence to attain significant amount of security that each tom dick and harry does not hack the scores... I really hope someone could give a nice little method in which I possibly could focus on... :) Thanks
So my ideal result ought to be -> have reliable derive from a calculation (of score) produced by an untrusted party (the ball player)!
Someone explained something about hiding the information inside a picture get request. Like, I'm applying farmville on canvas (html5). So he requested me in the finish of the overall game to fetch a game title over image from the server, plus they request should retain the hashed score. I didn't exactly comprehend the complete process but when you can explain it, could be really glad! :)
coda^ to help you mask the demands nicely
shouvik how do you get it done!?
coda^ you are able to compose the checksum you need to submit. like 12312312a12313a232 is the md5 which consists of the score. generate an resource in to the canvas like
coda^ which you'll rewrite server side via htaccess
"Now I have started to accept the truth that there's not a way on the planet I'm able to hide this from the hacker and send the scores unaltered."
You should use RSA or other public key file encryption method (also known as assymetric cryptography).
Create some (private and public) secrets for that server. Have your client code incorporate your server's public key.
In the finish of the overall game, the customer code, encrypts the score (with this particular key) and transmits both (plain score and encoded score) to server.
Server decrypts and inspections if plain score and decrypted one are same. If so, accept score. Otherwise, reject (there is a hacker or network error in the centre).
As Ambrosia, stated, my approach fails completely with this particular type of attack.
That which you really want is to possess a reliable derive from a calculation (of score) produced by an untrusted party (the ball player). Very difficult to get this done.
Which (which requires a subscription towards the ACM digital library): http://portal.acm.org/citation.cfm?id=643477.643479