loadVariables only from my server

Balala · March 28, 2006, 5:36pm

Hi guys,

Im developing a game. In some parts, i need to save some info on database (like experience, money, level, …).

But i cant let people inject code on the server side script (php).

If i send the variables via post, the injector may create a form and send too =(

In php, i’ve tried to get the referer from where the data came from… without success, from flash, the referer comes null =(

If i make SESSIONs, the injector may enter on the game, after that, he goes to the form to inject the data, the session will not be erased =(

Any idea?

Thanks in advance

forwardtrends · March 28, 2006, 5:45pm

If the form is never mentioned (ie the_form.php) inside flash - how will an “injector” be able to mimic a form call? (Not to mention without knowing what the form variables are)

JoshuaJonah · March 28, 2006, 5:51pm

As long as the PHP page is not displaying the information. If it’s just pulling into flash, your pretty secure. Unless you use a decompressor.

Balala · March 28, 2006, 5:55pm

Yeah… the ■■■■ decompilers =/

With these tools, the injector will know the file name

Topic	Replies	Views
Flash to PHP security programming	79	October 14, 2006
Protecting game points database programming	43	October 8, 2004
Protecting game points database	49	October 8, 2004
PHP w/ FLASH security flash	61	February 23, 2005
PHP w/ FLASH security	88	February 23, 2005

loadVariables only from my server

Follow:

Popular

Loose Ends

loadVariables only from my server

Related topics

Follow:

Popular

Loose Ends