Is there a standard way to “protect” a PHP script from being accessed from others.
For instance, I plan on submitting high scores and such via LoadVars in ActionScript to a PHP script. Here are some of the approaches I am considering:
- Just use the Php SessionID to enforce that they are logged in.
Potential Problems: Any user that logs in could then call the PHP script and pass whatever they want.
- Check the referring headers to ensure this script is only being called by an appropriate party.
Potential Problems: I am not sure what headers ActionScript will send… they may be based on the users IP and domain (I will eventually test this… but if anyone knows now how this works… I would appreciate it).
Other ideas:
- weak encryption (i.e. - secret decoder)
- a custom session key that is passed at the start of a game that must be submitted with the score
Any thoughts are welcome and appreciated.
Thanks,
—atomgiant
