

How most Flash games insert highscores and why it's not smart - bashzor
http://www.miniclip.com/php/HS/hs.php?version=2&timer=123110120761385&key=20f1a1a23007871ed6a5e84b347039b0&location=xD&score=1337133713&username=HackerNews&gamename=bubbletrouble&formaction=gethighscores&dwm=2

======
benologist
How you post the data is a small portion of protecting a score - kids also use
Cheat Engine to modify values in-memory which will be submitted properly.
There's a community where they share instructions on how to modify games as
well as a handful of sites where modified versions get published.

MochiDigits are really worth checking out for protecting in-memory values:

[http://code.google.com/p/cunitescore/source/browse/trunk/as3...](http://code.google.com/p/cunitescore/source/browse/trunk/as3/unitescore/mochi/MochiDigits.as?r=92)

For the submission process ... Flash is a _very_ weak and open product, aside
from browser debuggers and whatnot you can just decompile most games and see
first hand what the source is. I lean towards obfuscating it just enough to
not be "change this parameter in the URL", if you need more security than that
you really need a user system + consequences for cheating ala Kongregate.

------
mooism2

      The "Hoff" says "NO"!
    

Was there supposed to be something other than an image macro at the end of the
link?

~~~
bashzor
Actually, yes. I forgot to test the link afterwards...

Apparently, anyone having "hacker" in the username gets blocked, if you change
that to "HN" it works. I made a different link without hacker in it, then got
distracted, and when posting it apparently copied it from the wrong browing
tab. Let's resubmit, this kinda sucks...

