Hey gamedevs!
I'm a little bit confused regarding security, encryption, hashing and stuff.
We at 25games wanna create games where the player can submit a highscore to our database via AJAX requests.
We already use hashing to make sure that the attacker can't simply perform a submit.php POST.
But how do we prevent the attacker from changing the game's state during play?
- Let's say the attacker starts a new game: Score = 0
- Then he plays a little bit and earns some points: Score = 200, Score = 400, Score = 600
- While he is playing, he observes the values of the game and compares which one has changed from 0 to 200 to 400 to 600.
- Now that he has found the candidate, he could easily change the score to 1.000.000 (or can't he do this?)
- Lastly, he dies and the score of 1.000.000 is transmitted to our database.
What can I do to prevent attackers from manipulating the local state of the game?
Thanks for your answers and have a beautiful day!