Programming Forums > Application Development > Java

Booooze · Jul 4th, 2006, 8:05 PM

Something doesn't seem right here. I could be wrong, but I agree with whoever it was that said this could be a 'security risk'. Seems like people could easily cheat the system. What I dont get is that you make the game in java, pass the score to the php page (correct?), ask the user for there name, and then pass it to a server to enter in the highscores list.

So, you get the high score, and tack it to the url like this (as jimbo said) :

(Toggle Plain Text)

http://someplace.com/aPage.php?score=10294059

(edited name out)

You redirect them to the page right? where they enter there name.
Its basicly the cod you have, with the highscore tacked on.

(Toggle Plain Text)

http://someplace.com/aPage.php?score=10294059&name=you

If you did that, using GET method, I could easily enter whatever I wanted. This is where I could be mistaken, but even if you used the POST method, Couldn't I still take your code, and throw in a high score? Couldn't you just copy the page, edit it a bit with a hiddentag for highscore, and still pass it along.

Right or Wrong? Just my point of view.

Jimbo · Jul 4th, 2006, 8:14 PM

I think Eric is trying to keep as much as possible in the applet, in which case you'd have to reverse-compile it to get the code (I know it can be done, but I've never looked into it and don't know what it takes). If it was just an HTML form, things would be a bit simpler to mess with.

Eric the Red · Jul 5th, 2006, 9:58 PM

Quote:

Originally Posted by Booooze

What I dont get is that you make the game in java, pass the score to the php page (correct?)

Correct

Quote:

You redirect them to the page right?

No, your wrong. The applet is just going to send the score data to the URL. They wouldn't see me doing this.

After everyones help (thanks you). I realized that maybe calling a javascript method (to send the data to the php site would be better).

@Dawei, so the java Applet should call a javascript method (on the html page) which sends the data to my php server? Am I getting this right? Because PHP is the only server side programming I have access to.

Quote:

If you did that, using GET method, I could easily enter whatever I wanted. This is where I could be mistaken, but even if you used the POST method, Couldn't I still take your code, and throw in a high score? Couldn't you just copy the page, edit it a bit with a hiddentag for highscore, and still pass it along.

Again, this is a hidden action. They don't know that I'm doing this. They won't know what website i'm communicating with.

Booooze · Jul 5th, 2006, 11:14 PM

aha. Makes a little more sense now.

titaniumdecoy · Jul 5th, 2006, 11:31 PM

JavaWorld: POSTing via Java

JavaWorld: POSTing via Java revisited

Eric the Red · Jul 5th, 2006, 11:38 PM

Quote:

Originally Posted by titaniumdecoy

JavaWorld: POSTing via Java

JavaWorld: POSTing via Java revisited

I've been searching on end looking for something like this.

THANKS so much!!!!! You saved me from learning Javascript.

I guess Java can do pretty much anything

titaniumdecoy · Jul 5th, 2006, 11:51 PM

No problem.

I found the first link by typing "post java" in Google.

Jul 4th, 2006, 8:05 PM	#21
Booooze Expert Programmer Join Date: Mar 2006 Location: Igloo Posts: 710 Rep Power: 3	Something doesn't seem right here. I could be wrong, but I agree with whoever it was that said this could be a 'security risk'. Seems like people could easily cheat the system. What I dont get is that you make the game in java, pass the score to the php page (correct?), ask the user for there name, and then pass it to a server to enter in the highscores list. So, you get the high score, and tack it to the url like this (as jimbo said) : (Toggle Plain Text) http://someplace.com/aPage.php?score=10294059 http://someplace.com/aPage.php?score=10294059 (edited name out) You redirect them to the page right? where they enter there name. Its basicly the cod you have, with the highscore tacked on. (Toggle Plain Text) http://someplace.com/aPage.php?score=10294059&name=you http://someplace.com/aPage.php?score=10294059&name=you If you did that, using GET method, I could easily enter whatever I wanted. This is where I could be mistaken, but even if you used the POST method, Couldn't I still take your code, and throw in a high score? Couldn't you just copy the page, edit it a bit with a hiddentag for highscore, and still pass it along. Right or Wrong? Just my point of view.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Jul 4th, 2006, 8:14 PM	#22
Jimbo Battle Programmer Join Date: Feb 2006 Location: Bellevue, WA, USA Posts: 763 Rep Power: 3	I think Eric is trying to keep as much as possible in the applet, in which case you'd have to reverse-compile it to get the code (I know it can be done, but I've never looked into it and don't know what it takes). If it was just an HTML form, things would be a bit simpler to mess with.

Jul 5th, 2006, 11:14 PM	#24
Booooze Expert Programmer Join Date: Mar 2006 Location: Igloo Posts: 710 Rep Power: 3	aha. Makes a little more sense now.

Jul 5th, 2006, 11:31 PM	#25
titaniumdecoy Expert Programmer Join Date: Nov 2005 Posts: 856 Rep Power: 3	JavaWorld: POSTing via Java JavaWorld: POSTing via Java revisited

Jul 5th, 2006, 11:51 PM	#27
titaniumdecoy Expert Programmer Join Date: Nov 2005 Posts: 856 Rep Power: 3	No problem. I found the first link by typing "post java" in Google.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Programming Forums > Application Development > Java

Java and Web Pages