php and flash security

butterfly

Hi,
I have php pages that interact with flash, sending data to and fro, storing & retrieving data in the database.

The flash is actually a game where points are scored. I need a way to secure my php pages so that a user is unable to hack the code to increase their score.

Any help would be appreciated.

Thanks in advance.

planetsim

Well how is it communicating to the php file.. Are you including the php file?

butterfly

Here is a brief description.

I have php files that capture the data sent to me via flash (such as username and password). The flash is calling the php page that authenticates the username/password in the mysql database and then i return success/fail back to the flash.

E.G
file= login.php
login.php captures $POST['username'] and $POST['password'], queries the database and returns echo "login=success&user_id=1".

So flash would call 'login.php'.

The problem I face is a security issue. Since it is a game users may attempt to read the flash code, see that php files being called and the parameters required and create their own little scripts to manipulate the data.

Is there a way to ensure that the script calling my php file is the legitimate flash?

Sorry if i'm not making sense and again, thanks for your help.

planetsim

Well make checks on where the data is coming. If its only allowed to come from a specific file check the referer. From there if the file is being included in a flash file check that the file isnt being accessed directly.

Other than that if the user wants to cheat they will always find a way.