I’m running Flash 8 and have developed a high score system that I can easily plug into various games. The problem has always been that players will find a way to hack the communications protocol and figure out how to submit their own scores. I’m sure this was easily done by getting the network packet and then inserting their own score and creating a direct request to the server, bypassing the game entirely.
So, I decided that I would further secure things by encoding the request with an MD5 hash. I might first create a string like “username=bob game_id=7 score=56000” and MD5 it. Then I would pass the MD5 value, along with the other 3 values, to the server via a request to a PHP script.
So, I still have a problem because the source code can be extracted easily. How am I supposed to fix this? How am I ever supposed to create pseudo-secure communications when any code I write can be read?
Thanks for any pointers!