by alexkus 4601 days ago
Hmm, if that were me (as the server programmer), I'd return a purposely different checksum[1] in the error message and then (internally) flag anything that was then submitted with that 'incorrect' checksum.

What you do with these flagged entries is up to you:

a) Delete the scores after an hour or so (giving the chance for the user to check things)

b) Only display those scores to the user that logged in

c) Flag the entire account as 'cheat' and ban it after a few dodgy submissions

etc...

1. i.e. the expected hash is hash(real_salt+data); the supposed expected hash (returned to the client in the error message) is hash(cheat_salt+data). You obviously never return the real expected hash.
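The decoy-checksum scheme from this comment and its footnote, as an added worked example in Python (example code, not the commenter's or any project's code). It keeps two server-side secrets: the real one that an unmodified client embeds, and a decoy whose tag is what the error message advertises as "expected". A resubmission carrying the decoy tag can only have been built from the error message, so it is stored as a flagged score, shown back only to that account (option b) and counted toward a ban (option c). The secrets, account names, sample score payloads and the use of HMAC-SHA256 in place of the footnote's plain hash(salt+data) are all assumptions made for the example.

```python
"""Decoy-checksum trap for a score-submission endpoint (added example)."""
import hashlib
import hmac
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Assumed secrets for the example. In practice load them from a secret
# store; REAL_SALT is what the shipped client embeds, CHEAT_SALT never
# leaves the server.
REAL_SALT = b"real-salt-embedded-in-the-client"
CHEAT_SALT = b"decoy-salt-known-only-to-the-server"
BAN_THRESHOLD = 3  # option (c): ban after this many decoy submissions


def _tag(salt: bytes, data: bytes) -> str:
    # The footnote describes hash(salt+data); HMAC is used here instead so
    # the tag is a keyed MAC rather than a bare prefixed hash.
    return hmac.new(salt, data, hashlib.sha256).hexdigest()


def real_checksum(data: bytes) -> str:
    """What an unmodified client computes for a score payload."""
    return _tag(REAL_SALT, data)


def error_message(data: bytes) -> str:
    """Rejection text shown to the client: advertises the decoy tag,
    never the real one."""
    return "checksum mismatch: expected " + _tag(CHEAT_SALT, data)


class ScoreServer:
    def __init__(self) -> None:
        self.scores: List[Tuple[str, bytes]] = []          # public board
        self.flagged: List[Tuple[str, bytes]] = []         # decoy hits
        self.strikes: Dict[str, int] = defaultdict(int)
        self.banned: Set[str] = set()

    def submit(self, account: str, data: bytes, checksum: str) -> Tuple[str, str]:
        """Return (reply shown to the client, internal status).

        Internal status is one of 'accepted', 'rejected', 'flagged', 'banned'.
        A flagged submission still gets an 'ok' reply so the cheater is not
        told which check caught them.
        """
        if account in self.banned:
            return "ok", "banned"
        if hmac.compare_digest(checksum, real_checksum(data)):
            self.scores.append((account, data))
            return "ok", "accepted"
        if hmac.compare_digest(checksum, _tag(CHEAT_SALT, data)):
            # Only a client that copied the value out of the error message
            # can produce this tag: record it quietly and count a strike.
            self.flagged.append((account, data))
            self.strikes[account] += 1
            if self.strikes[account] >= BAN_THRESHOLD:
                self.banned.add(account)
                return "ok", "banned"
            return "ok", "flagged"
        return error_message(data), "rejected"

    def leaderboard(self, viewer: str) -> List[Tuple[str, bytes]]:
        """Option (b): flagged scores appear only to the account that sent them."""
        own_flagged = [entry for entry in self.flagged if entry[0] == viewer]
        return self.scores + own_flagged


if __name__ == "__main__":
    # Constructed sample traffic: an honest client and one that trusts the error text.
    srv = ScoreServer()
    honest = b"player=alice;score=1200"
    print(srv.submit("alice", honest, real_checksum(honest)))
    forged = b"player=mallory;score=999999"
    reply, _ = srv.submit("mallory", forged, "0" * 64)
    decoy = reply.split()[-1]                    # what a naive cheater copies
    print(srv.submit("mallory", forged, decoy))  # ('ok', 'flagged')
    print(srv.leaderboard("alice"))              # mallory's score is absent
```

The trap only catches a client that takes the error message at face value. Someone who extracts the real salt from the shipped client computes the genuine checksum and is indistinguishable from an honest submission, which is the objection raised in the reply below; the decoy is a cheap tripwire, not a substitute for keeping the secret out of the client.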


d) Send the user to your careers website...
What you propose wouldn't work. The only way to find the salt is to look at the Flash file, and, at that point, you'd notice the fake salt anyway.