Hi…
Currently we save scores from a Web-based Game written in JS in our NSF Database… Scores and Level Information are send by URL like:
http://xyz.com/test.nsf/newscore?OpenForm&Score=123&Level=1
The problem is…
The game is outsourced in a none-Domino Evironment…
Currently its possible to save scores in the Database without playing the game… Directly…
We would like to prevent this action.
We tested the HTTP-Referer CGI Variable, but it only works within the Database itself.
Has anybody a Tipp how we yould solve our Problem?
thanks
florian
Subject: JS is the problem…
You will never solve it entirely as long as the game is based on Javascript. (Since anyone can read it/open it and see how the scores are submitted) You can only create some barriers.(make your code difficult to read, use domain cookies, etc)
Probably the none-Domino environment is supporting .asp .jsp .php or cgi. You would then be able to do it using the backend…
Then you can let the “Game-server” submit the scores into the “Score-server”.
HTTP_REFERER is not Database related.
But the HTTP_REFERER is NOT secure. Many HTTP talking tools allow you to manually set the HTTP_REFERER since the client is sending this information.
We are doing the same thing but then use flash (where the source is more difficult to access) and also send a URL to add a score. But we also include an authentication parameter (some algorythm that you can create yourself)