Safely saving data via an API in a HTML5/WebGL Game
Question
I am creating a HTML5/WebGL based game and am getting a little stuck when thinking about saving game data to the server.
I need to save the data with out a page load. So the obvious choice is to use a AJAX call to my servers Restful API. Obviously this presents a few issues. Mainly spoof requests. Using AJAX calls will mean the request is being made client side, allowing "bad" users to send their own request to the server altering the data to benefit themselves.
I first thought to secure the server using sessions. On the initial page load, store a session allowing access to the API. Though I am sure sessions can be spoofed.
How could I best achieve saving game data to a server safely?
1 answers
solution1
0 2013-03-07 14:29:55
You could expand on this simple example;
<?php
$secret = "test123";
$time = time();
$code = md5($secret.$time);
The secret and time are combined and hashed together. The resulting code and the time are sent to the server;
http://www.domain.com?TIME=1362668370&CODE=cdade9f3df6a8cb9b17c736b96c64133
The server can then hash the secret and received time value and compare that with the received CODE.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.