Y
Hacker News
new
|
ask
|
show
|
jobs
by
ry0ohki
4601 days ago
I'd think you'd want to make a signed hash of each request, so the server can verify it came untampered from the client.
1 comments
gibybo
4601 days ago
Candy crush does this, and circumventing it was one of the points of the article. It is hashed with a secret key from the flash client. He just extracted the key from the client and started signing the requests himself.
link
gknoy
4601 days ago
He signed the requests. I think they'd need some sort of way to ensure that the level's initial settings were also used.
link
ry0ohki
4601 days ago
True, although it seems not all of the calls are like that, for example the number of lives.
link