[mtasc] using server side mtasc for security
drorex at gmail.com
Wed Aug 17 22:23:33 CEST 2005
On 8/17/05, Timo Stamm <t.stamm at macnews.de> wrote:
> hank williams wrote:
> > I need to do everything to make sure that what is communicating
> > with my server is a legit app and not something that just looks like
> > it but is generating votes that are not legitimate because they are
> > not part of the regular application process.
> It is impossible to guarantee that an unidentified and untrusted client
> is not faking the data.
> Of course obfuscation works well enough for most online games, polls and
> the like.
> But don't call it secure.
Exactly. In your situation, you have no way of 100% securing it. All
you can do is make it as hard to break as you can, such that the dumb
hackers can't figure it out, and it's not worth their time for the
smart hackers to break it.
You can also do other things, like limit the number of votes per IP,
ban IPs that submit even a single invalid request (so if someone
starts trying to hack, you ban them before they succeed). None of
these will be 100%, but will help you limit the possible damage.
More information about the mtasc