by chetane07 5329 days ago
In my experience Flash is not much more secure. Looking at your app for example, it seems the hash you are using is not a function of raceId or timestamp so there is potential for replay (e.g. reuse precomputed hashes). Also, is it possible that the salt starts with "209adk"? :)

As far as a better solution, maybe use of dynamic script loading, maybe unique salt/session along with strong server-side synchronization. Desktop games are faced with similar challenges, even if the path is much harder given the amount of reverse engineering required.
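
Added example, not part of the comment above and not the app's own code: a server-side check that ties each submitted result to a per-race salt, the raceId and a timestamp, so a hash computed for one race cannot be reused for another or sent twice. `RaceSessions`, `sign` and `MAX_AGE_SECONDS` are hypothetical names, and HMAC-SHA256 is an assumed choice of keyed hash.

```python
import hashlib
import hmac
import secrets
import time

MAX_AGE_SECONDS = 120  # assumption: upper bound on how long one race can last


def sign(salt, race_id, timestamp, score):
    """Keyed hash over race id, timestamp and score, using the per-race salt."""
    msg = f"{race_id}|{timestamp}|{score}".encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()


class RaceSessions:
    """Server-side store of per-race salts (hypothetical helper for this example)."""

    def __init__(self):
        self._salts = {}  # race_id -> (salt, issued_at)

    def start_race(self, race_id, now=None):
        """Issue a fresh random salt when the race starts and hand it to the client."""
        salt = secrets.token_bytes(16)
        self._salts[race_id] = (salt, time.time() if now is None else now)
        return salt

    def verify(self, race_id, timestamp, score, tag, now=None):
        """Accept a result once, only for this race, and only while it is fresh."""
        now = time.time() if now is None else now
        # Single use: the salt is discarded on the first attempt, valid or not,
        # so a replayed submission finds no salt to verify against.
        entry = self._salts.pop(race_id, None)
        if entry is None:
            return False
        salt, issued_at = entry
        # The timestamp must lie inside this race's own time window.
        if not (issued_at <= timestamp <= now <= issued_at + MAX_AGE_SECONDS):
            return False
        expected = sign(salt, race_id, timestamp, score)
        return hmac.compare_digest(expected.encode(), str(tag).encode())
```

The salt still reaches the client, so this stops precomputed and replayed hashes but not a modified client that signs its own score during a live race.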