I'm writing a small online flash game that keeps high scores of players. Obviously I'd like to keep the players from cheating and getting an arbitrarily high score.

What are the most common methods for cheating in flash games and what can I do to make it hard to use them?

hides

+1  A: 

To protect the high score as it's being sent to your server, either digitally sign it with a key embedded in your app, or else send an HMAC of the data (again, key embedded in app).

This suggestion assumes that people do not reverse-engineer your flash game. Not that this is hard, but in most cases, there are much easier ways to attack flash games, so this will raise the bar a little higher.

Chris Jester-Young
+2  A: 

The most common way to cheat is to use Cheat Engine.

See it in action on YouTube, along with 100s of tutorials on cheating in the most popular games.

Keeping people from cheating is going to be nearly impossible. But there are several methods for securing the high scores table, which could be applicable to cheating in general.

DavGarcia
+1  A: 
  • Use a proxy such as Burp / Fiddler or the Tamper Data Firefox extension for the easiest cheat.
  • Read the http://www.playnoevil.com/serendipity/ blog; that guy also released a book about cheating and protecting online games (especially Flash)
  • There are 3rd party solutions (mostly obfuscation - but really complicated)
  • Obviously an attacker can use a decompiler and read the flash code, therefore don't assume that they don't know your code (Do not forget to obfuscate your code)
dr. evil
+1  A: 

Sites like http://nonoba.com and http://www.mochiads.com have high score APIs with some in-built protection, so that might be an option if it's just a personal project.

Iain
+1  A: 

Depending on the style of game, it might be possible to verify high scores serverside by a type of "replay" technique.

That is, rather than sending the high score to the server, send the record of the user's actions to the server.

This is not really suited for use in an action game, though for other types (such as Fantastic Contraption, or even Desktop TD) it is viable. Though maybe you would only enable it for special events (tourneys) or something like that, because for a popular game this would be fairly taxing.

Sumudu Fernando
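
The replay approach from the answer above, sketched as an added example that is not part of the original thread: the client submits its input log, and the server re-runs the game to derive the score itself. The toy grid game, its level layout and the function names are constructed for illustration.

```python
# Added example: server-side replay verification for a toy deterministic game.
# Rules, level data and names are constructed; they come from no real game.

GRID = 5                     # 5x5 board, player starts at (0, 0)
MAX_MOVES = 12               # per-round move budget enforced by the server
COIN_VALUE = 10
# Constructed level: coin positions the server already holds for this round.
LEVEL_COINS = frozenset({(1, 0), (2, 0), (2, 2), (4, 4)})
STEP = {"U": (0, -1), "D": (0, 1), "L": (-1, 0), "R": (1, 0)}


class ReplayError(ValueError):
    """The action log is not a legal play-through."""


def replay_score(moves: str) -> int:
    """Re-run the game from the recorded inputs and return the real score."""
    if len(moves) > MAX_MOVES:
        raise ReplayError("move budget exceeded")
    x = y = 0
    remaining = set(LEVEL_COINS)
    score = 0
    for i, m in enumerate(moves):
        if m not in STEP:
            raise ReplayError(f"unknown input {m!r} at step {i}")
        dx, dy = STEP[m]
        x, y = x + dx, y + dy
        if not (0 <= x < GRID and 0 <= y < GRID):
            raise ReplayError(f"left the board at step {i}")
        if (x, y) in remaining:      # each coin counts only once
            remaining.remove((x, y))
            score += COIN_VALUE
    return score


def accept_submission(moves: str, claimed_score: int) -> tuple[bool, str]:
    """Server decision: the stored score always comes from the replay."""
    try:
        actual = replay_score(moves)
    except ReplayError as exc:
        return False, f"rejected: {exc}"
    if actual != claimed_score:
        return False, f"rejected: claimed {claimed_score}, replay gives {actual}"
    return True, f"accepted: {actual}"
```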
A: 

This has been discussed in a previous thread - some good suggestions there.

Kristian J.
A: 

I've been using the GameInt API at http://www.gameknob.com with very good results since ints are encrypted. It's really hard to hack these values since this API uses a random key for the XOR encryption.

Hope this helps!

rick hudson