Actionscript to PHP Authentication

Is there a standard way to “protect” a PHP script from being accessed from others.

For instance, I plan on submitting high scores and such via LoadVars in ActionScript to a PHP script. Here are some of the approaches I am considering:

  1. Just use the Php SessionID to enforce that they are logged in.

Potential Problems: Any user that logs in could then call the PHP script and pass whatever they want.

  1. Check the referring headers to ensure this script is only being called by an appropriate party.

Potential Problems: I am not sure what headers ActionScript will send… they may be based on the users IP and domain (I will eventually test this… but if anyone knows now how this works… I would appreciate it).

Other ideas:

  • weak encryption (i.e. - secret decoder)
  • a custom session key that is passed at the start of a game that must be submitted with the score

Any thoughts are welcome and appreciated.

Thanks,
—atomgiant