将未篡改的数据从 Flash 应用程序传递到服务器? [英] Passing untampered data from Flash app to server?
问题描述
我正在寻找在运行 Flash 的客户端和服务器之间传递数据的安全方法.有问题的数据将由 Flash 应用程序生成,在这种情况下是您完成游戏后的分数.我想验证服务器上的数据未被篡改.有什么好的方法可以完成这项工作?
I'm looking for secure ways to pass data between a client running Flash and a server. The data in question will be generated BY the Flash app, which in this case is your score after finishing a game. I want to verify the data is untampered on the server. What are some good methods of getting this done?
一种简单的方法是对数据执行一些操作,例如散列,并将散列与数据一起传回服务器.但是,可以访问客户端源代码的人很容易破坏这一点.
One simple way is to perform some operations on the data such as a hash, and pass the hash back to the server along with the data. This is easily broken by someone with access to the client source code, however.
编辑:我意识到没有什么是不可破解的,但我想让它尽可能地困难.@jcnnghm 使用公钥加密数据并可选择使用游戏日志进行完整性检查和/或重新计算的解决方案是我认为的最佳选择.SSL 加密也是一个好主意,因为这使得解密实际发送回服务器的内容变得更加困难.
Edit: I realize that nothing will be unhackable, but I want to make it as difficult as possible. @jcnnghm's solution of encryping data with a public key and optionally doing sanity-checks and/or recalculation with the game logs is the best option I think. SSL encryption is also a good idea as this makes it more difficult to decipher what's actually being sent back to the server.
推荐答案
使用存储在二进制文件中的公钥加密数据.这将提高攻击的进入壁垒.除此之外,当数据到达服务器时,会对其进行完整性检查.这可以很简单,例如计算每个游戏时间单位实际可以获得的最大积分数,或者将游戏日志传输回服务器以确保得分正确.
Encrypt the data with a public key stored in the binary. This will raise the barrier of entry for an attack. In addition to that, sanity check the data as it arrives on the server. This could be as simple as calculating the maximum number of points that could realistically be earned per time unit of play, or transmitting game logs back to the server to make sure the scoring is correct.
无论您做什么,都不会完全证明是黑客攻击的,但这只会阻止最坚定的人.
Nothing is going to be totally hack proof, no matter what you do, but this will stop all but the most determined.
更新:@mark:Flash 本身支持 SSL.
Update: @mark: Flash supports SSL natively.
这篇关于将未篡改的数据从 Flash 应用程序传递到服务器?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
