- Home /
Sending logs over the Internet
Hi guys,
I'm working on my very first phone game (not an iOS game by the way) and I want to log players scores in order to have a "sort of" leaderboards at the end of every games.
My first approach was to send game statistics to a PHP page on a private server I own. But as I send it thanks to a _GET method, the statistics are actually visible in the URL.
example:
http://myserver.com/game_logger.php?score=12&color=blue&blah=foo
As you can see it's pretty simple to add statistics to my leaderboards... even without playing. A web brower is enough to add false data.
How do you manage custom (ie: using your own server) leaderboards in your games ? Is there another more secured way that using _GET ?
Thanks,
Answer by Graham-Dunnett · Feb 08, 2013 at 11:05 AM
One way of adding protection is to use an MD5 hash of the values that you are uploading. So in addition to:
score=12&color=blue&blah=foo
compute
hash = MD5('score=12&color=blue&blah=foo' + "magic string")
then add this as to the end of the URL as another param. On the server, then compute the hash again, and only accept the score if the computed hash equals the passed hash. This way, only people who know what the magic string is can compute the hash correctly. Note that this approach is not totally secure. (Someone could look at the hash that is passed, and resend the same data as often as they liked. Also, the client contains the magic string, so a hacker could find it in the code.) This is just a straightforward, simple, way of giving you some protection.
A different approach is to use a Number Used Once, or NONCE. In this scenario, the client (ios app) asks the server to send it a unique number. You use that number when uploading a score, so the server knows who you are.
Whatever you decide to do, take a look at this page. Oh, and obviously you can use WWWForm
and do a POST.
Thank you Graham. Nice and clear. Do you use this technique yourself ? Do you use another technique to manage leaderboards ?
Thanks again.
Your answer
Follow this Question
Related Questions
Unity3D WWW takes URL from address bar 1 Answer
Game Center ReportScore & Leaderboard 1 Answer
How to implement leaderboard with social api 1 Answer
Android PlayGamesServices ShowLeaderboardUI stops functioning after hitting Home button 0 Answers
store/rearrange integers for a basic scoreboard with C# 2 Answers