As you may know, I co-own a popular Flash game site called Electrotank. More than 2 million people play our games every month. When you run a site with that many people playing your games, you are bound to get some people who will try to figure out a way to cheat the high score list. Using some unethical tools, they can look at the ActionScript in the game and find the URL to which the game points when submitting a high score. From this information they can easily create something that will submit fake scores to the score list. The score list, of course, doesn't know the difference between the faked scores and the real scores. This leads to a really annoying problem: cheaters. If there is a way for people to cheat, they will eventually find it. This is not as rare as you may think it is. (For example, the score lists got tampered with on another [Flash 4] game site I used to own as well.) Since this problem isn't going away, you just need to take a few extra steps to make cheating more difficult.
With the files included for this book, we've increased the high score list security a little bit: We have enabled encryption. It is definitely not foolproof in all likelihood this system will get hacked, too but it will make the hackers' job much harder, so it will be hacked by a smaller number of people. We encrypt everything in Flash before sending it to the server. When the server receives the information, it then decrypts it and uses it. Good encryption algorithms require a key to encrypt or decrypt. We have an encryption function and pass in a key, which can be any string we choose, such as "thisIsTheKey," and the string that we want encrypted. The function returns encrypted information, which is unique to the key, and you can then send that to the server. In order to decrypt the information, the server needs the same key you used to encrypt it in the first place.
You may be thinking, "That sounds like pretty tight security; why can it still be hacked?" Well, we are storing both the encryption algorithm and the key in the game file. That is a security issue, but there isn't much we can do about that. After you understand everything in this chapter, you can take these files and try to increase the security yourself a little more. One thing you can do is load in the key from a separate file, and maybe even load in the encryption function through another SWF file. This is still not hack-proof, but every step you take is one more that a hacker will also have to go through. You want to make it not worth the hacker's while.