I have a flash game that submits highscores via the post method. If a person makes this general form they can easily "hack" my highscore system and input whatever values they want.
<form method="POST" action="http://www.mysite.com/scores.php">
<input type="hidden" name="winname" value="Colby">
<input type="hidden" name="winscore" value="99999">
<input type="submit" value="go!">
</form>
I also used several unrelated methods to slighty encrypt the data... but that can be easily hacked by crytptology (lol.).
Is there a way to make only the webpage with the flash app on it to acess scores.php. Maybe $Sessions.
