Unable to get high scores

I have created a server side high score table using the Unify tutorial
http://www.unifycommunity.com/wiki/index.php?title=Server_Side_Highscores

This works great in my editor, but when I build it hangs on loading scores. As it is in the WebPlayer I cannot see error messages, but it looks the same as when the editor could not find my crossdomain.xml file.

The crossdomain.xml is in the root of the server and to make sure the game is in the root too.

If the editor can use it I would have thought the build version would find it too.

Is there a way to turn on debug mode on web builds to see if there is errors?

You can see the problem here. This is no where near finished.

For web player debugging, refer to this article - http://unity3d.com/support/documentation/Manual/Web%20Player%20Debugging.html. Do note that for Win7/Vista, the UnityWebPlayer log files are located in OSDrive:/Users/UserName/AppData/Temp/UnityWebPlayer/log

And for a side note - the method depicted here for handling highscores is very unsafe. While it is a good tutorial to get started on working with Unity and remote web servers, it is not something I would use for a production build.
The scores are managed on the client side, and the user can easily spoof the scores by sending a fake submit request. Hashing the request has no effect here since it too is done on the client side in JavaScript - which is a plain text script anyone can view and see the hashing algorithm.

The best practice would be to do all the score logic on the server side through remoting - but on small scope projects that is only feasible for UI games / applications. You probably don’t have the resources to run a dedicated session server to keep track of all the game states :slight_smile:

The second option would be to encrypt the score value in the Unity player before transmitting it, and decrypting it on the server side. That method still works on the client side, that is true, but disassembling a Unity project or deciphering your encryption protocol will take more time than simply clicking “View Source” on a web page. And to add a little more security to that, obfuscate the scores when stored in your application memory to make it more difficult to simply memedit the player.

Remember, as a general rule of thumb - ANYTHING on the client side is visible to the user. The question you should ask yourself is what method is the most cost efficient, and for the most part, adding some basic encryption to the client side will suffice.

Btw, I tried to run your game, but it doesn’t work. The play button doesn’t do anything and the highscore table displays loading all the time.

I know I went a bit off-topic with that, so excuse me for the long read and good luck with your game :slight_smile:

Happy new year!