sql - How to hide / encrypt POST data sent from FLASH to PHP from Tamper Data -
tamper data
there terrible thing called tamper data. receives post'ing data flash php , give ability user change values.
imagine in flash game (written in actionscript 3) score points , time. after match completed score , time variables sending php , inserting database.
but user can easy change values tamper data after match completed. changed values inserted database.
my idea seems won't work
i had idea update data in database on every change? mean if player +10 score points need instant write database. how time? need update table in database every milisecond? protection solution @ all? if user can change post data can change everytime last time when game completed.
so how avoid 3rd party software tamper data?
tokens. i've read article tokens, there talking how create random string token , compare database, it's not detailed , don't have idea how realise it. idea? if yes, maybe how realise practically?
according me better way send both parameter , value in encrypted format score=12
send c2nvcmu9mti=
base64
function encrypt($str) { $s = strtr(base64_encode(mcrypt_encrypt(mcrypt_rijndael_256, md5(saltkey), serialize($str), mcrypt_mode_cbc, md5(md5(saltkey)))), '+/=', '-_,'); return $s; } function decrypt($str) { $s = unserialize(rtrim(mcrypt_decrypt(mcrypt_rijndael_256, md5(saltkey), base64_decode(strtr($str, '-_,', '+/=')), mcrypt_mode_cbc, md5(md5(saltkey))), "\0")); return $s; }
Comments
Post a Comment