Game Development Community

Encode scripts strings

by Dan Keller · in Torque Game Engine · 07/25/2008 (8:59 am) · 3 replies

I'm using an online database to store high scores. To prevent cheating, the site is accessed only by the game itself and not end users. However, when I open the .dso with a text editor, the url is right at the top in a human-readable form. Is there a way to encode it so players can't see it?

By the way, is this a stupid idea?
NextNext Thread
PrevPrevious Thread
More from Torque Game Engine


Associate James Ford
Sickhead Games
#1
07/25/2008 (9:39 am)
If they have an application like comodo firewall/defense+ they will be able to see the url the application is trying to connect to anyway... I don't think theres any way to make that secret. Perhaps connecting to the server requires some password or verification? Then you might want to encrypt the dso containing that password...

Heres a recent resource I recall...

Associate Orion Elenzil
Real Life Plus
#2
07/25/2008 (10:30 am)
> By the way, is this a stupid idea?

a little bit.
that's a classic example of "security by obscurity".
ie, you're relying on the URL remaining a secret, which is very fragile design.
eventually, someone will decrypt your string, or find a copy of your source code, or Mata Hari will wring it out of you. it's best to design your software so that even if your complete source code is published on the internet, it's still a secure app.

of course, you can balance all that against the amount of interest you think there will be in hacking your app.

another option would be to leave the URL in the open,
but have an encrypted protocol. - again, probably still security by obscurity, but in essence you're trusting the client application here in the first place.

Torque 3D Owner Dan Keller
Default Studio Name
#3
07/25/2008 (12:52 pm)
Quote:
of course, you can balance all that against the amount of interest you think there will be in hacking your app.
Not much.

I just don't want to make it too easy.