|
WebApp Sec
mailing list archives
Re: securing web based game
From: Adrian Wiesmann <awiesmann () swordlord org>
Date: Sun, 22 Dec 2002 23:41:16 +0100
IMHO if the algorithm is included in a client-side code, then this
solution is equal to INSECURE, because it's a matter of [rather short]
time for reversers to break it, unless you use some sophisticated
methods and anti-* tricks, but it's just the waste of time.
I would say quite the same. Anything the user can see or test is insecure.
Do not even think about producing some snake oil. The time you spend on
some strange algo will never pay out...
any other ideas?
let the server (instead of client) decide about the points
Much better, but still not good enough. The server will need some
informations to calculate the gamepoints from and here we are again.
Live with the certrainty that a gamer with to much time to spare will
crack any system and concentrate on the gameplay instead.
Regards,
Adrian
 By Date 
By Thread
Current thread:
| 
Intro
