Php :: Actionscript 3.0 -> PHP -> MySQL Security On A Game Application
Nov 12, 2011
I am planning on making a game with actionscript 3.0 (flash). However, I am having some security issues on saving user points. To be more specific, read below and you'll understand what's the exact problem. You are starting my flash application. PHP creates a session for your username. Playing for few minutes and reaching 750 points. You click on "Save my points" button. It connects "game.php?points=[]" with your point amount, hence, game.php?points=750. PHP connects to MySQL and does an update/insert query with the username you entered when opening application, and gets the points with $_GET['points'] as you can see on 3.
The issue is, Anyone who could directly browse "game.php?points=999999999999" would have his points saved in the database. I thought about encrypting the points, however, Flash is a client-side application and anyone could change the "points" value with an application like "Cheat Engine". Once they change the points, encrypted points will automatically be generated by Flash.
I also thought about creating a private key for each player on their signup and encrypt accordingly, but it also won't work because once an user change his points with Cheat Engine, flash will automatically encrypt the points with given private key, hence, another useless theory...
I haven't fully grasped how the flash security model works, and now I've ran into a problem. I have a base SWF that loads a game loader swf, which in turn loads the actual game.What I'm trying to do is taking a current bitmap snapshot of the running game. This works fine before the loader swf has loaded the game. When the game is loaded, I get a security violation because the game has images pulled from facebook. Is this something that can be solved on my end, or restricted by security in the game swf?
I'm working on a Site that uses Flash in conjunction with a PHP and MySQL. It is possible that someone could guess the variable names used in my PHP scripts and post bogus data to my data base.
I'm using a script to escape all of the data that goes to MySQL.
I usually organise tournaments on my site (flash based) and this time I have added a tournament in which users have to complete a jigsaw puzzle and the one who completes it in the least time wins some prize. As the jigsaw puzzle always produces random location, it is difficult for them to hack. They can't even directly download the game as it can't be downloaded using flash saver etc. But I want to know if they can make a program which completes the jigsaw puzzle automatically.Even time can't be hacked as I use time also tick on my server side so I match the time submitted by the game and the time stored in my server.
First time on here.We teach English through games. All done on flash AS3 now. Want to put courses online so I have been told to use php to communicate to server and database. My question is:Do I use mysql to save stats or xml FIRST: I will get info from xml and send it to my activities in flash - I'm OK with thisSECOND: I want to send out stats from flash to mysql OR xml. The stats are:1. Student logs on of course using username and password (well that comes in not out)2. What lesson the student is on ie: 2, 3, etc...3. Highscores for game activities4. Scores student gets on each activity As far as I can see the only stats that grow are the scores on each activity and even those could be erased periodically.
I would like to create a application in AS3.0 that going to publish to website where I'm trying to prevent from other people to download and decrypt. But of course, i need to design the application in such a way that it doesn't contain any sensitive data in case someone successfully download and cracked it.
However, i'm not sure whether it is really safe to include sensitive data by using dynamic external script (e.g. putting "include Data.as" on action). I understand that only during compilation this Data.as is being dynamic loaded but I'm not too sure people can decrypt and see the content of Data.as by some other way to download and crack from my application.
I am very new to Flex. I want to build an application that will contain many radio buttons. I want to know how to update mysql by the status of radio buttons.
We are using flex for same. (Although I know flex is meant for web application and air application is best suited for desktop clients, but due to some build issues we can't go for air applications). Now according to our use case we required to read file from local file system which is not allowed in flex application due to sandbox policy. To override it we had planned to use it in local mode (i.e. running from local file system instead of deploying in web container). So after running application in local mode it bypasses sandbox policy and allows to read local file. Eventually we requires remote services call (either using web services or blaze ds) also in our application. To avoid sandbox restriction for network access in local mode we are planning to explicitly grant network access permission to our flex application.
I would like to have a Flash Application (not air) to connect to a local database. Air is not only getting unsupported by Adobe in LINUX but besides, it has serious problems and miss implementation with SQLite. So we want to connect to a local MySQL database. This application should be simple, so we do not want to also have an unnecessary web server (also local) to make a middle communication between the flash app and the MySQL server. There is this driver that allow to communicate Flash with MySQL [URL] Question is: Would it be any problem using this approach when installing the whole application to each client? (because we also in the installation should install a MySQL server).
So, here is the question. I have a small flash application that sends some variables to a php script (via POST), and that php script sends them to a mySQL database.
This works fine when I'm testing my flash offline, I go to phpmyadmin, and the registry is done. When I upload the swf to a online html, this stops working. It no longer creates another registry in the database. I have no ideia why this happens.
I read a bit about it and found out about cross domain policy, and thought it might be the problem. Thus I made a small .xml file and uploaded it to both servers (the one the swf is on, and the one that has the database), and its still not working.
I tried asking this on the Spring forums ([URL]) but did not get a response. I'm working on a web application that has an (end user) user interface built in Flex and a management user interface built using Spring MVC. I'm trying to secure both interfaces and can get each one working separately, but not together. I'm using a snapshot build of spring-flex-core 1.5.0 with Spring Security 3.1RC1 and Spring 3.1M1
[Code]...
I'm obviously missing something but while the Spring Flex documentation describes how to configure a hybrid MVC+Flex application at the servlet level it appears to only consider security from the perspective of a flex-only application.
I have moved a web application from old domain to new domain. I cannot get Flash to engage. I have changed the domain in flash_images.php file to the new domain. I have a flash_box.swf file and I have a js file these are the only flash components that I see--old domain is e.g. www.example.com new domain is [URL]..I am not a flash developer, how do I get flash to work on the new domain?
how do you make these software interact so when i play the game it has a login, highscore.i really dont know what im doing so if you reply can you please give me step by step intructions
I have a typical Flex-based application that was written to use a Java/Hibernate/MySQL backend. The client changed the requirements - now they want to distribute it on a CD where the user can just run the app without any installation or a network connection.
To do this, I certainly need to eliminate the web server and the database server and adapt my application (with as few changes as possible, of course) to a stand-alone application that will fit on a CD/DVD. I've managed to export the data to XML and read it into Flex, but I'm wondering if there's a way to recreate the Hibernate data structures in Flex so I could change as little code as possible. Failing that, is there any way to keep the existing Java/Hibernate external to the Flex code but retrievable without installing Apache Tomcat or MySQL?
I have a Flex application which manage a database composed by 7 tables.I have created the insert form and all work great. Now I wanto to improve the Form performances; the idea is to replace the TextInput of the Form with ComboBoxes which are provided by the DataBase tables
I am getting a strange problem while I am making my release build swf.The swf is supposed to make some internal server calls and then display the data and also play it.When I make a release build swf and excute it, while making server calls it throws exceptions likeSecurityErrorHandler: [SecurityErrorEvent type="securityError" bubbles=falsecancelable=false eventPhase=2 text="Error #2170: Security sandbox violation:file:///Path to the swf/WebPlayer.swf cannot send HTTP headers to **Method Name to bring data from the server***]And after this nothing can be done as everything depends on the data from the server..I have updated my cross-domain.xml on the server to support the master-only policy file but that also didnt ..My cross-domain.xml is
In my table the Collation is:latin1_swedish_ci (but i tried UTF8_unicode too).In my flex application when it shows the table,it displays it correct,with all accent and pointing correct,but in the table is like :
I'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint.Here are the contents of the root crossdomain.xml:
Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player. When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http:[url].......I am using Flex 4 beta, and the App Engine Python runtime. I have tried full wildcard in the crossdomain, and even accessing the data endpoint at a relative URL so as to avoid this error.
My SWF resides on domain A, is loaded by a web site on domain B and is trying to ping URL (URLLoader.load) on domain C. But I am getting "#2048: Security sandbox violation" .. why? Of course I have read the manual, I saw the security white paper but I do not understand it. Don't you know any blog or such where it is explained for dummies? With lots of examples and maybe a table showing what is allowed and what is not?
I get following error: Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: [URL] cannot load data from 192.168.3.5:4854. at TicTacToe_fla::MainTimeline/TicTacToe_fla::frame1() ". I tryed to solve this problem about 3 hours, but I failed I have the file crossdomain.xml in the same folder like my .swf file on the server with this content:
I am going to develop a very simple game for android and for iphone/ipad I have the option to develop it in cocos2d or in adobe flash air (i am not a developer, but i have 2 developers who are offering me the service)I have a developer that states that cocos2d is better and other one that states that adobe flash air.I want it in cross platform.the cost offered by both developers is the same..i have heard that adobe air has the flaw that it is very slow, is this real? if you had the 2 options which will you use to develop your game and why?
I'm making a game that populates user-designed cards into the game using an external xml file. My main class loads the xml file and then calls to the "Card" class, which wants to use the xml file. I've tried using this.parent and it just gives me a null object reference error. This is what I have so far: Main.as
currently i making this game and objects would spawn at random and be able to click but when de game starts itself, the spawn is correct but i am unable to make it stop when time goes to 0seconds.
I'm creating a game at the moment for my university course and it involves the player character jumping on top of boxs twice to break them as opposed to just once.What would be the most efficient/simple way of writing this in Actionscript 3.
I have recently started working with Mahjong game. But being not so experienced developer. I am just confuse about many aspects of it. So if anyone could throw some light on it. I have to build the game where there could be different number of tiles on screen. 32, 48, 64 , 80, 96, 112 and so on Now I have questions regarding the levels of blocks in this game. I mean the layouts of the game should be predefined or they should be dynamically created? Also I wanted to know how the surface of enable and disable symbols are created?
