将Flash应用程序中的未经授权的数据传递到服务器? [英] Passing untampered data from Flash app to server?
问题描述
我正在寻找在运行Flash和服务器的客户端之间传递数据的安全方法。有关数据将由Flash应用程序生成,在这种情况下,这是您完成游戏后的得分。我想验证数据在服务器上没有被修改。什么是一些很好的方法来完成这个工作?
I'm looking for secure ways to pass data between a client running Flash and a server. The data in question will be generated BY the Flash app, which in this case is your score after finishing a game. I want to verify the data is untampered on the server. What are some good methods of getting this done?
一个简单的方法是对数据执行一些操作,如散列,并将散列传递回服务器与数据。
One simple way is to perform some operations on the data such as a hash, and pass the hash back to the server along with the data. This is easily broken by someone with access to the client source code, however.
编辑:我意识到没有什么会变得不可破解,但是我想尽可能的困难。 @ jcnnghm使用公钥加密数据的解决方案,并且可以选择使用游戏日志进行健全检查和/或重新计算是我认为最好的选择。 SSL加密也是一个好主意,因为这使得更难以将实际发送回服务器的内容解密。
Edit: I realize that nothing will be unhackable, but I want to make it as difficult as possible. @jcnnghm's solution of encryping data with a public key and optionally doing sanity-checks and/or recalculation with the game logs is the best option I think. SSL encryption is also a good idea as this makes it more difficult to decipher what's actually being sent back to the server.
推荐答案
加密数据与公钥存储在二进制文件中。这将加剧进攻的障碍。除此之外,在数据到达服务器时,请务必检查数据。这可以像计算每个时间单位实际获得的最大点数一样简单,或者将游戏日志发送回服务器,以确保得分是正确的。
Encrypt the data with a public key stored in the binary. This will raise the barrier of entry for an attack. In addition to that, sanity check the data as it arrives on the server. This could be as simple as calculating the maximum number of points that could realistically be earned per time unit of play, or transmitting game logs back to the server to make sure the scoring is correct.
无论你做什么,都不会完全是黑客证明,但是除了最确定之外,这将会停止。
Nothing is going to be totally hack proof, no matter what you do, but this will stop all but the most determined.
更新: / strong> @mark:Flash本身支持SSL。
Update: @mark: Flash supports SSL natively.
这篇关于将Flash应用程序中的未经授权的数据传递到服务器?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
