
Re: Server and security

Posted: Mon May 25, 2015 3:08 am
by bobbyjones
Yes, harder. Which is verification. Verification cannot be completely foolproof, but it's still technically verification. Some games do nothing and just let people submit obviously false scores. For example, Flappy Bird.

Re: Server and security

Posted: Mon May 25, 2015 3:34 am
by I~=Spam
bobbyjones wrote: Yes, harder. Which is verification. Verification cannot be completely foolproof, but it's still technically verification. Some games do nothing and just let people submit obviously false scores. For example, Flappy Bird.
That is true hahaha. I still cannot believe just how viral flappy bird went... people can be weird in what they, as a whole, like.

Re: Server and security

Posted: Mon May 25, 2015 4:26 pm
by Inny
In the example of Flappy Bird, yes, you can do some reasonable script-kiddy protection. For instance, let's say there's 3.2 seconds between obstacles. Now, let's say the user wants to submit a score of 7. Their time should be between 22.4 and 25.6. Now, let's do some checksumming just to make sure they didn't fake that.

Code:

flappy_checksum = function(time, score) return math.floor(time * 47) + (score * 23) end
Alright, score of 7, time of 23.8, let's run those numbers. 1279. Let's submit that.

Code:

{ score=7, time=23.8, checksum=1279 }
At the server, you double check that checksum.

Code:

-- Recompute the checksum and check that the time fits the claimed score.
if flappy_checksum(player.time, player.score) == player.checksum and
  player.time > player.score * 3.2 and
  player.time < (player.score+1) * 3.2
then
  accept_score(player)
end
Hooray. Dumb kiddies that are trying to screw with your server using curl will be stumped. I, however, will google "Love2d flappy birds clone server and security", and get this thread where the flappy_checksum function is listed in this post, where I'll find the math to generate your checksums. Or I'll unzip the flappy_birds_clone.love file and just visually inspect the Lua files. And if you've compiled them, I can use the Lua tools to load that module, print the functions in it, and run the checksum function directly.

So, ask yourself, at what level do you want to bring this fight? There's a point where instead of just checksumming, you're simulating the whole game at the server to check for illegal moves. If you're going to make the next DOTA or LOL or what have you, then yeah, this is probably necessary. Is it needed for a Flappy Bird clone?
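
The server-side check described in the post above, written out as an added example that is not part of the original post. The names validate_submission and SECONDS_PER_OBSTACLE and the sample submissions are constructed for illustration; the last sample shows the limit the post describes, since anyone holding the shipped checksum function produces a value the server accepts.

```lua
-- Added example: server-side validation of a score submission.
-- SECONDS_PER_OBSTACLE and validate_submission are hypothetical names.
local SECONDS_PER_OBSTACLE = 3.2

-- Same formula as the client; it has to exist on both ends.
local function flappy_checksum(time, score)
  return math.floor(time * 47) + (score * 23)
end

-- Returns true, or false plus a reason the server can log.
local function validate_submission(sub)
  if type(sub) ~= "table" then return false, "not a table" end
  local score, time, sum = sub.score, sub.time, sub.checksum
  if type(score) ~= "number" or type(time) ~= "number" or type(sum) ~= "number" then
    return false, "non-numeric field"
  end
  -- Reject NaN, negative and fractional scores before doing any math.
  if score ~= score or time ~= time or score < 0 or score % 1 ~= 0 then
    return false, "score out of domain"
  end
  -- The run must have lasted long enough for this score, but not long
  -- enough for the next obstacle.
  if time <= score * SECONDS_PER_OBSTACLE or
     time >= (score + 1) * SECONDS_PER_OBSTACLE then
    return false, "time does not match score"
  end
  if flappy_checksum(time, score) ~= sum then
    return false, "bad checksum"
  end
  return true
end

-- Constructed sample submissions.
local samples = {
  { label = "honest run",        sub = { score = 7,   time = 23.8, checksum = 1279 } },
  { label = "edited score only", sub = { score = 700, time = 23.8, checksum = 1279 } },
  { label = "guessed checksum",  sub = { score = 7,   time = 23.8, checksum = 1 } },
  { label = "string fields",     sub = { score = "7", time = "23.8", checksum = "1279" } },
  -- Passes every check: the checksum proves nothing once the function is known.
  { label = "recomputed with shipped function",
    sub = { score = 700, time = 2241.0, checksum = flappy_checksum(2241.0, 700) } },
}

for _, s in ipairs(samples) do
  local ok, reason = validate_submission(s.sub)
  print(string.format("%-34s %s", s.label, ok and "accepted" or ("rejected: " .. reason)))
end
```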

Re: Server and security

Posted: Mon May 25, 2015 5:20 pm
by bobbyjones
Well, I'm sure a checksum would be on the server. And the code not made public. But I get the point.

Re: Server and security

Posted: Mon May 25, 2015 5:42 pm
by Robin
bobbyjones wrote: Well, I'm sure a checksum would be on the server.
The whole point of a checksum is that the client sends the checksum. The code to calculate a checksum needs to be on both ends.

Re: Server and security

Posted: Mon May 25, 2015 5:48 pm
by Jasoco
I~=Spam wrote:
bobbyjones wrote: Yes, harder. Which is verification. Verification cannot be completely foolproof, but it's still technically verification. Some games do nothing and just let people submit obviously false scores. For example, Flappy Bird.
That is true hahaha. I still cannot believe just how viral flappy bird went... people can be weird in what they, as a whole, like.
Flappy Bird only got known because of PewDiePie. Without him, it would still be unknown and thrown to the wayside. It's basically like having Oprah promote your product. If the name is big enough and has enough followers, they will become customers of whatever they're told to buy/download. But that's off topic. lol

Re: Server and security

Posted: Mon May 25, 2015 11:00 pm
by I~=Spam
PewDiePie made it popular? That makes sense now. I actually don't know much about him other than what I have learned from an episode of South Park. :crazy: I am such a grandpa. (I hope someone gets that reference...)