[IGDA_indies] Re: Secure online high scores
Tom Spilman
indies@igda.org
Fri, 9 May 2003 07:03:17 -0500
I realized just now that this is probably off topic here. Please ignore
or reply directly to me. Tom
----- Original Message -----
From: "Tom Spilman" <tom@sickheadgames.com>
To: <indies@igda.org>
Sent: Friday, May 09, 2003 4:12 AM
Subject: Secure online high scores
> I've been recently thinking about how to secure the online high score
> list for our puzzle game. Since global rankings is one of the features
you
> get with the full paid for version of the game, i'm going to ensure i
> deliver something that doesn't just piss off the customer.
>
> Our puzzle game is deterministic like any good piece of software. So
> i'm thinking of just sending the whole replay of the game to our server
for
> it to determine the score. For our game the absolute worst case is
sending
> the seed, a near impossible 1000 moves ( that would be around an hour and
a
> half of gameplay without a loss ), plus a few more things like level time
> remaining and stuff. Uncompressed that would take less than 600 bytes to
> send. The server side can simulate the game quickly and post the player's
> score. To hack such a thing you would have to be able to play the same
> seeded game over and over again to determine the right set of moves to
> attain the score you want. It becomes increasingly difficult as the score
> gets higher. It would be difficult enough that he probably deserves the
> score if he does it. At least much more difficult IMO than hacking one
> packet/url/encryption scheme and sending it off.
>
> Are there any other techniques people have used? Anything i should
> avoid doing aside from spending too much time on this? =)
>
> Tom
>
>
>
>
>
>
>