Sending logs over the Internet

Hi guys,

I’m working on my very first phone game (not an iOS game by the way) and I want to log players scores in order to have a “sort of” leaderboards at the end of every games.

My first approach was to send game statistics to a PHP page on a private server I own. But as I send it thanks to a _GET method, the statistics are actually visible in the URL.

example:

http://myserver.com/game_logger.php?score=12&color=blue&blah=foo

As you can see it’s pretty simple to add statistics to my leaderboards… even without playing. A web brower is enough to add false data.

How do you manage custom (ie: using your own server) leaderboards in your games ?
Is there another more secured way that using _GET ?

Thanks,

One way of adding protection is to use an MD5 hash of the values that you are uploading. So in addition to:

score=12&color=blue&blah=foo

compute

hash = MD5('score=12&color=blue&blah=foo' + "magic string")

then add this as to the end of the URL as another param. On the server, then compute the hash again, and only accept the score if the computed hash equals the passed hash. This way, only people who know what the magic string is can compute the hash correctly. Note that this approach is not totally secure. (Someone could look at the hash that is passed, and resend the same data as often as they liked. Also, the client contains the magic string, so a hacker could find it in the code.) This is just a straightforward, simple, way of giving you some protection.

A different approach is to use a Number Used Once, or NONCE. In this scenario, the client (ios app) asks the server to send it a unique number. You use that number when uploading a score, so the server knows who you are.

Whatever you decide to do, take a look at this page. Oh, and obviously you can use WWWForm and do a POST.