|
 |
"Apache" <apa### [at] hotmail com> wrote in message
news:405dfde9@news.povray.org...
> The safest way is to let a server-side script replay the game and
calculate
> the score by itself. This creates some barrier that might prevent people
> submitting a hiscore without playing the game.
That would definitely keep people from not playing the game to submit the
score. It would be an awful lot of work, though. There has to be a way to
just send a score and be absolutely sure it came from the script. The best
method I can think of is the HTTP_REFERRER method, but that one is crackable
too. There has to be a really easy solution that doesn't violate my first
promise to my users: "I will keep it simple." No matter what I do, though,
all a person has to do is sniff the communication channel between the
browser and server and spoof the message. So far, it looks like your method
is the only way to guarantee the person actually played the game. Does
anybody have some insight on how to do this without having the server-side
play the game? By doing so on the server-side, it introduces complexity that
may lead to failures.
--
- Respectfully,
Dan
http://<broken link>
Post a reply to this message
|
|
