
#60 online score table trivial to spoof

open
nobody
None
3
2004-11-08
2004-11-07
Anonymous
No

One only has to duplicate the URL, change the score etc. and feed it through wget or a browser (sorry about the 1st 2 score positions; I figured you could remove them easily anyhow).

Suggest making the client do an md5sum of the data sent and send it along in the URL, then have the server do an md5sum in the exact same way as the client does and check it against the md5sum sent by the client.
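An added example, not part of the original report or the project's code: it runs the suggested unkeyed MD5 check next to a keyed variant (HMAC-SHA256, swapped in here) over the same canonical bytes, to show which one a server can rely on. The field names, the secret and the sample scores are constructed assumptions; a key shipped inside a client can still be extracted from it.

```python
import hashlib
import hmac
from urllib.parse import urlencode, parse_qsl

SECRET = b"constructed-demo-secret"      # assumption: hypothetical shared key
FIELDS = ("name", "score", "level")      # assumption: hypothetical field names

def canonical(params):
    """Fixed field order and percent-encoding, so client and server hash identical bytes."""
    return urlencode([(k, params[k]) for k in FIELDS]).encode("ascii")

def plain_digest(params):
    """The check as suggested in the report: unkeyed MD5 over the data."""
    return hashlib.md5(canonical(params)).hexdigest()

def keyed_tag(params, key=SECRET):
    """HMAC-SHA256 over the same bytes; cannot be computed without the key."""
    return hmac.new(key, canonical(params), hashlib.sha256).hexdigest()

def build_query(params, tag):
    """Client side: the fields plus a 'sig' parameter carrying the tag."""
    return urlencode([(k, params[k]) for k in FIELDS] + [("sig", tag)])

def server_accepts(query, tagger):
    """Server side: validate the fields, recompute the tag, compare in constant time."""
    received = dict(parse_qsl(query, keep_blank_values=True))
    sig = received.pop("sig", "")
    if set(received) != set(FIELDS) or not received["score"].isdigit():
        return False
    return hmac.compare_digest(sig.encode("utf-8"), tagger(received).encode("ascii"))

def demo():
    honest = {"name": "anon", "score": "120", "level": "3"}   # constructed sample
    edited = dict(honest, score="999999")                     # score changed in transit
    return {
        # Unkeyed digest: whoever edits the score can also recompute the MD5.
        "honest_md5": server_accepts(build_query(honest, plain_digest(honest)), plain_digest),
        "edited_md5": server_accepts(build_query(edited, plain_digest(edited)), plain_digest),
        # Keyed tag: an edit with a reused tag or a guessed key is rejected.
        "honest_hmac": server_accepts(build_query(honest, keyed_tag(honest)), keyed_tag),
        "edited_old_tag": server_accepts(build_query(edited, keyed_tag(honest)), keyed_tag),
        "edited_wrong_key": server_accepts(build_query(edited, keyed_tag(edited, b"guess")), keyed_tag),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:18} accepted={accepted}")
```

The canonical form is the part that has to match between the two implementations: same field order, same percent-encoding, same character encoding, and the same hex case for the tag.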

Discussion

  • Mike Anderson

    Mike Anderson - 2004-11-08

    Logged In: YES
    user_id=6450

    Well spotted ;-)

    Yep, md5sum sounds like a good solution. Just need to figure
    out how to do it in PHP so it matches the Java result.

    Low priority right now - the scores will probably all need a
    zero reset once a v1.0 comes out in any case, at which point
    we should have some decent score security. Although we'll
    never be entirely safe from client-side hacks.

     
  • Mike Anderson

    Mike Anderson - 2004-11-08
    • priority: 5 --> 3
     
  • Tom Demuyt

    Tom Demuyt - 2006-05-21

    Logged In: YES
    user_id=95445

    Hi,

    Roguelikes work with an honour code,
    I will not make this a priority.

    T.

     
