Programming Forums


kawsper Oct 22nd, 2005 7:30 PM

Safety about user input on server in keycounting program
 
Hello :)
We are a little group of IRC-friends who have made a keycounting program a channel project.

Our test program counts how many times the user is pushing his/her buttons, and notifies our server once in a while with a URL like this http://ourserver.com/update.php?user...2&keycount=542 .
It's not so hard to make the user check secure, but what about the keycount? Every fool out there who knows something about networking can make our program's requests by themselves and can give themselves an unfair amount of keypresses.

How do we make this a little more secure?

Thank you.

DaWei Oct 22nd, 2005 8:06 PM

Depends upon what you consider secure, but why use GET if you don't want it readily seen?

kawsper Oct 22nd, 2005 9:27 PM

Secure as in, don't set your own keycode. Our program will be open source and available for view to everyone, so I really doubt that using POST will be a wall to cheaters.
I am aware that I should use some kind of encryption, but how can I make it secure if everyone can see our implementation and algorithm?

Dameon Oct 22nd, 2005 9:32 PM

You can't trust clients. They can come up with whatever data that they wish. The job of the developer is to make relevant checks to be relatively sure that the data isn't nefarious as well as limiting the amount of data from the client in the first place. There's an open source multiplayer game that I sometimes play that happens to not perform enough checks on position updates. For that reason, I often choose to teleport around and cheat. Physics are entirely client side, so I decided to turn off gravity too. So on and so on. Good fun, really. In this case, there are no relevant checks. Encryption you say? Certainly not. What stops a client from encrypting any invented value? You can either trust the clients to not lie (yeah right) or put a bot in the IRC channel to count the characters sent by every user.
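
Added example, not part of the original thread: a sketch of the server-side plausibility checks described in the post above, written in Python for illustration rather than in the thread's update.php. It assumes `keycount` is a cumulative total; `KeycountValidator`, the rate ceiling and the minimum update interval are hypothetical names and values.

```python
from dataclasses import dataclass

MAX_KEYS_PER_SEC = 15.0  # assumed ceiling for sustained human typing
MIN_INTERVAL_SEC = 30.0  # assumed minimum gap between two updates
MAX_DIGITS = 10          # refuse absurdly long numbers before parsing

@dataclass
class UserState:
    total: int           # last cumulative count the server accepted
    seen_at: float       # server clock at that update, never client time
    credited: int = 0    # keypresses the server is willing to score

class KeycountValidator:
    def __init__(self):
        self.users = {}

    def check(self, user, raw_keycount, now):
        """Return (accepted, reason) for one update request."""
        # Strict parse: ASCII digits only, so no signs, floats or exotic digits.
        if not (isinstance(raw_keycount, str) and raw_keycount.isascii()
                and raw_keycount.isdigit() and len(raw_keycount) <= MAX_DIGITS):
            return False, "not a non-negative integer"
        count = int(raw_keycount)
        state = self.users.get(user)
        if state is None:
            # First report only sets a baseline; it earns no credit.
            self.users[user] = UserState(total=count, seen_at=now)
            return True, "baseline"
        elapsed = now - state.seen_at
        if elapsed < MIN_INTERVAL_SEC:
            return False, "too frequent"
        delta = count - state.total
        if delta < 0:
            return False, "count went backwards"
        if delta > elapsed * MAX_KEYS_PER_SEC:
            return False, "implausible rate"
        # Only a delta that passed every check is credited.
        state.total, state.seen_at = count, now
        state.credited += delta
        return True, "ok"

    def score(self, user):
        state = self.users.get(user)
        return state.credited if state else 0
```

These checks only cap what an invented value can claim; a client that reports plausible numbers still passes, which is why the post also suggests counting on the server side (the IRC bot).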

DaWei Oct 23rd, 2005 7:09 AM

Quote:

I often choose to teleport around...turn off gravity...
Ta Daaaaaa. We have the makings of a new super-hero comic book. Dameon-Mannnnn. Oh, given the common home-state, maybe better yet, Suuuuuuuperrrrrrrr Texxxxxxxxxx!

Dameon Oct 23rd, 2005 2:56 PM

Quote:

Originally Posted by DaWei
Ta Daaaaaa. We have the makings of a new super-hero comic book. Dameon-Mannnnn. Oh, given the common home-state, maybe better yet, Suuuuuuuperrrrrrrr Texxxxxxxxxx!

Now there's one for my signature.

DaWei Oct 23rd, 2005 3:50 PM

1 Attachment(s)
Here he comes to save the dayyyyyyyyy....

Rory Oct 23rd, 2005 4:11 PM

DaWei's found his figure of fun: but who's the sidekick?

It must be the medication...

DaWei Oct 23rd, 2005 4:20 PM

I'm not making fun of Dameon. I found his post truly amusing and responded in my inimitable way. I didn't provide a sidekick because a super hero with a member of the fair sex under his arm has absolutely no use (at least at the moment) for an intrusive sidekick.

Dameon Oct 23rd, 2005 4:46 PM

But...I implore, of what species?


All times are GMT -5.
