Programming Forums
Old Oct 22nd, 2005, 7:30 PM   #1
kawsper
Safety about user input on server in keycounting program

Hello
We are a little group of IRC-friends who have made a keycounting program a channel project.

Our test program counts how many times the user is pushing his/her buttons, and notifies our server once in a while with a URL like this http://ourserver.com/update.php?user...2&keycount=542 .
It's not so hard to make the user check secure, but what about the keycount? Every fool out there who knows something about networking can make our program's requests by themselves and can give themselves an unfair amount of keypresses.

How do we make this a little more secure?

Thank you.
Old Oct 22nd, 2005, 8:06 PM   #2
DaWei
Depends upon what you consider secure, but why use GET if you don't want it readily seen?
__________________
Abstraction doesn't make it impossible to write bad code; it makes it possible to write superior code.
Contributor's Corner: Grumpy on C++ Exceptions DaWei on Pointers
Old Oct 22nd, 2005, 9:27 PM   #3
kawsper
Secure as in, don't set your own keycode, our program will be open source and available for view to everyone, so I really doubt that using POST will be a wall to cheaters.
I am aware that I should use some kind of encryption, but how can I make it secure if everyone can see our implementation and algorithm?
Old Oct 22nd, 2005, 9:32 PM   #4
Dameon
You can't trust clients. They can come up with whatever data that they wish. The job of the developer is to make relevant checks to be relatively sure that the data isn't nefarious as well as limiting the amount of data from the client in the first place. There's an open source multiplayer game that I sometimes play that happens to not perform enough checks on position updates. For that reason, I often choose to teleport around and cheat. Physics are entirely client side, so I decided to turn off gravity too. So on and so on. Good fun, really. In this case, there are no relevant checks. Encryption you say? Certainly not. What stops a client from encrypting any invented value? You can either trust the clients to not lie (yeah right) or put a bot in the IRC channel to count the characters sent by every user.
__________________
MD5(sig) = bcef75433db02e9ad9bf81d6f7c5c270
Dameon is offline   Reply With Quote
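A sketch of the server-side check the post above argues for, added here as an example and not code from the thread or the project: the tag is computed with a key that ships in the open-source client, so it verifies for any invented value, and only the server's own rate bound rejects the inflated count. The names, the key, the 15 keys-per-second ceiling and the reading of `keycount` as presses since the previous update are assumptions.

```python
import hashlib
import hmac

# Assumption: key compiled into the open-source client, so it is public.
PUBLISHED_CLIENT_KEY = b"constructed-key-visible-in-the-source"
# Assumption: generous ceiling on sustained human typing, keys per second.
MAX_KEYS_PER_SECOND = 15.0


def client_tag(user, keycount):
    """HMAC tag that any client, honest or modified, can compute."""
    msg = f"{user}:{keycount}".encode()
    return hmac.new(PUBLISHED_CLIENT_KEY, msg, hashlib.sha256).hexdigest()


class KeycountServer:
    """Keeps each user's accepted total and the time of the last update."""

    def __init__(self):
        self.state = {}  # user -> (accepted_total, server_time)

    def register(self, user, now):
        self.state[user] = (0, now)

    def accept_update(self, user, keycount, tag, now):
        """Return (accepted, reason). `now` is server time, never the client's."""
        if not hmac.compare_digest(tag, client_tag(user, keycount)):
            return False, "bad tag"
        total, last = self.state[user]
        # Most keys a human could have pressed since the last accepted update.
        budget = int((now - last) * MAX_KEYS_PER_SECOND)
        if keycount < 0 or keycount > budget:
            return False, "implausible"
        self.state[user] = (total + keycount, now)
        return True, "ok"


def demo():
    """Constructed updates: one honest, one invented but correctly tagged."""
    server = KeycountServer()
    server.register("alice", now=0.0)
    honest = server.accept_update("alice", 542, client_tag("alice", 542), 300.0)
    # 60 s later the budget is 900; the tag on the invented value still verifies.
    forged = server.accept_update("alice", 10**6, client_tag("alice", 10**6), 360.0)
    return honest, forged, server.state["alice"][0]


if __name__ == "__main__":
    print(demo())
```

A client that always reports exactly the budget is still accepted, so the bound caps the size of a lie rather than detecting it.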
Old Oct 23rd, 2005, 7:09 AM   #5
DaWei
Quote:
I often choose to teleport around...turn off gravity...
Ta Daaaaaa. We have the makings of a new super-hero comic book. Dameon-Mannnnn. Oh, given the common home-state, maybe better yet, Suuuuuuuperrrrrrrr Texxxxxxxxxx!
Old Oct 23rd, 2005, 2:56 PM   #6
Dameon
Quote:
Originally Posted by DaWei
Ta Daaaaaa. We have the makings of a new super-hero comic book. Dameon-Mannnnn. Oh, given the common home-state, maybe better yet, Suuuuuuuperrrrrrrr Texxxxxxxxxx!
Now there's one for my signature.
Old Oct 23rd, 2005, 3:50 PM   #7
DaWei
Here he comes to save the dayyyyyyyyy....
Attached Images
File Type: jpg SuperTex.jpg (2.8 KB, 26 views)
Old Oct 23rd, 2005, 4:11 PM   #8
Rory
DaWei's found his figure of fun: but who's the sidekick?

It must be the medication...
Old Oct 23rd, 2005, 4:20 PM   #9
DaWei
I'm not making fun of Dameon. I found his post truly amusing and responded in my inimitable way. I didn't provide a sidekick because a super hero with a member of the fair sex under his arm has absolutely no use (at least at the moment) for an intrusive sidekick.
Old Oct 23rd, 2005, 4:46 PM   #10
Dameon
But...I implore, of what species?
DaniWeb IT Discussion Community
All times are GMT -5. The time now is 2:52 AM.
