sql - How to hide / encrypt POST data sent from FLASH to PHP from Tamper Data -


tamper data

there terrible thing called tamper data. receives post'ing data flash php , give ability user change values.

imagine in flash game (written in actionscript 3) score points , time. after match completed score , time variables sending php , inserting database.

but user can easy change values tamper data after match completed. changed values inserted database.


my idea seems won't work

i had idea update data in database on every change? mean if player +10 score points need instant write database. how time? need update table in database every milisecond? protection solution @ all? if user can change post data can change everytime last time when game completed.


so how avoid 3rd party software tamper data?

tokens. i've read article tokens, there talking how create random string token , compare database, it's not detailed , don't have idea how realise it. idea? if yes, maybe how realise practically?

according me better way send both parameter , value in encrypted format score=12 send c2nvcmu9mti= base64

function encrypt($str) {      $s = strtr(base64_encode(mcrypt_encrypt(mcrypt_rijndael_256, md5(saltkey), serialize($str), mcrypt_mode_cbc, md5(md5(saltkey)))), '+/=', '-_,');  return $s;  }  function decrypt($str) {     $s = unserialize(rtrim(mcrypt_decrypt(mcrypt_rijndael_256, md5(saltkey), base64_decode(strtr($str, '-_,', '+/=')), mcrypt_mode_cbc, md5(md5(saltkey))), "\0"));  return $s; } 

Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -