I have a form that submits the game score. Is there any way to check that the game score is not tampered with during submission? I am using the POST method; for the GET method we can use HASH, but I am looking for the POST method.

A: 

What do you mean by tampered with? Are you calculating the score in some client-side code and sending it back to the server? If that's the case, then no, there is no way to check. The cardinal rule is to never implicitly trust anything that comes from the client. Validate everything with server-side logic.

David
Yeah, but the general question is quite interesting. How can the server validate the score if the game runs locally on the client? I actually wonder how games with online scoreboards do this; many of them seem to be tamper-resistant because the scoreboards don’t get filled with cheaters.
Timwi
My game runs on Flash, and after the game is over, the user will be allowed to submit their score. So I am using the POST method in Flash to send the data with the game score. So I am still confused about how to secure the data transfer before storing it in the database.
RagZ
Ah, I see more clearly what you're saying now. It definitely is an interesting question, but one I haven't had the opportunity to come across yet. I'll give it some thought today. Can the Flash code be disassembled at all? That is, can internal constants be extracted from it? If not, then you'll probably end up with some kind of internal hash that combines the data being sent with a timestamp and some known (internal constant) seed and send that along with the POST. On the server you'd re-hash the data with the timestamp it contains and the constant to see if it matches the supplied hash.
David
Note that this is more of a "security through obscurity" model, which I generally don't advocate. But for online games it often comes down to starting off with something relatively simple and seeing if there's a demand for something more complex and secure, with an ensuing battle between the game and any cheaters who find it worthwhile to fight such a battle. There are non-technical ways of discouraging cheating as well (banning, in-game social stigma, an engaging enough game that people won't want to cheat, etc.)
David
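The server-side re-hash check described in the comments above, as an added example that is not part of the original thread. It uses HMAC-SHA256 in place of a bare hash of concatenated values; the field names (`score`, `timestamp`, `hash`), the seed value and the five-minute freshness window are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: a constant compiled into the game client and known to the server.
# Anyone who extracts it from the client can produce valid hashes, so this only
# raises the effort needed to tamper; it does not make the score trustworthy.
SHARED_SEED = b"constructed-example-seed"
MAX_AGE_SECONDS = 300  # assumed freshness window for the timestamp


def sign_submission(score: int, timestamp: int, seed: bytes = SHARED_SEED) -> str:
    """What the client computes over score and timestamp before the POST."""
    message = f"{score}|{timestamp}".encode()
    return hmac.new(seed, message, hashlib.sha256).hexdigest()


def verify_submission(form: dict, now: int, seed: bytes = SHARED_SEED) -> tuple[bool, str]:
    """Server side: re-hash the posted fields and compare with the supplied hash."""
    try:
        score = int(form["score"])
        timestamp = int(form["timestamp"])
        supplied = str(form["hash"])
    except (KeyError, TypeError, ValueError):
        return False, "malformed"
    if score < 0:
        return False, "malformed"
    # Reject old or future-dated submissions so a captured POST expires.
    if abs(now - timestamp) > MAX_AGE_SECONDS:
        return False, "stale"
    expected = sign_submission(score, timestamp, seed)
    # Constant-time comparison on bytes; also safe for non-ASCII input.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad-hash"
    return True, "ok"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    good = {"score": "4200", "timestamp": str(now),
            "hash": sign_submission(4200, now)}
    tampered = dict(good, score="999999")  # score edited after signing
    print(verify_submission(good, now))      # accepted
    print(verify_submission(tampered, now))  # rejected: hash no longer matches
```

A submission that passes this check can still be replayed inside the freshness window, so a server would also need to record accepted (timestamp, hash) pairs or bound scores by what the game allows.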