AJAX Simple question

Hi,

I have one simple question : who can see my URL when I will publish my game ?

For example, I do request to : "www.mywebsite.com/Script.PHP?Variable1="&Variable1&"&Variable2="&Variable2

and my script sends Variable 1 and Variable 2 to my Mysql database. So anyone who know my URL can enter and send information to my database !

Thanks !

It's basically out in the open for everyone to see. If you know where to look it's about 2 key presses (dev tools, network tab).

Sorry, Ashley but I don't understand you. That mean everybody can be registred in my Mysql table without use my game ?

Yep!

There are many ways you can secure your connection. For instance add a "securityKey" as another parameter.

Create a key constant in C2 with some value just to salt the hashing. And do the same on your server side.

For instance:

hashingKey = "#$fdsf$%6YThfY^&%^&24wrw"

securityKey = sha1(username & hashingKey & something)

Send this security key to your server together with credentials. Now on the server side also create securityKey in the exactly same way and compare if it is equal to the one which came.

In that way even if someone knows the URL for registration he is not able to fake the securityKey so he can't do anything.