I have a project where I am supposed to keep track of a highscore of every user that accesses a game. However this data will be kept in a database that needs to be secured from users wanting to insert better scores into it.
Moreover flash applications can be decompiled so that the data format can be seen, replicated and set over to the database management script.
What would be a good way to secure this aspect?
Thank you in advance!
In terms of decompilation, I think code obfuscation is something you should consider. It should make data tracking all the more difficult for people who decompile your code.
In any case, keep in mind that if someone REALLY wants to break your security, they can and will. See: PS3 online services. Some precautions are good, to keep average Joes away from trying to break your high scores, but there's only so much you can do.. getting hacked is inevitable really.
In terms of scoreboard protection in PHP, see this question, it has numerous wonderful suggestions: What is the best way to stop people hacking the PHP-based highscore table of a Flash game
You can confuse compiler by embedding your Application into an another. All you need is a new flash document and a document class which has:
package
{
import flash.display.Loader;
import flash.display.MovieClip;
import flash.events.Event;
public class Shell extends MovieClip
{
[Embed(source="Main.swf")]
private var ncvt3ewdsxxnztt:Class;
private var hsf8z42fdfd_as32:MovieClip;
public function Shell()
{
hsf8z42fdfd_as32 = new ncvt3ewdsxxnztt();
hsf8z42fdfd_as32.addEventListener(Event.COMPLETE, onComplete);
}
public function onComplete(e:Event) {
addChild(hsf8z42fdfd_as32);
}
}
}
Edit:
Decompiler dunno about the embed source(s). So it'll only decompile your shell which protects your main application from decompiling, saving every asset and code. =)
