I have an iPhone game and I use a LASSO web page to add scores to a MySQL database. It now works fine, but I am getting one 'user' that submitted hundreds of impossibly good scores in succession. I know this could not have been done the 'legal' way. I am now updating the app and want to avoid such nonsense. My initial thought was to go to Game Center, which I will, but this update is almost perfect so I would rather not open it up again.
What would be a good way to test if an HTTP request came from my app on an iOS device and not from some robot or script?
Thanks! Hanaan
This is my request code:
int gameTypeId = 1; // Nonograms=1, Nonograms iPad=2, LoopMaster=3
// Player-supplied fields stored locally; nothing here is verified by the server
NSString *name = [[NSUserDefaults standardUserDefaults] objectForKey:@"player_name"];
NSString *place = [[NSUserDefaults standardUserDefaults] objectForKey:@"player_where_from"];
NSString *scoreString = [self formatFinalScore];
// Only name and place are percent-encoded; the numeric fields are formatted directly below
NSMutableDictionary *parameters = [NSMutableDictionary dictionary];
[parameters setValue: name forKey: @"name"];
[parameters setValue: place forKey: @"place"];
NSString *post1_encodestrings = [@"" stringByAppendingString: [parameters urlEncodedString]];
// Plain form body: every value, including the score, is sent in the clear and unsigned
NSString *post1 = [NSString stringWithFormat: @"game_id=%d&game_size=%d&game_level=1&score=%f&score_string=%@&%@",gameTypeId,self.thisGameSize,self.gameFinalScore,scoreString,post1_encodestrings];
NSData *postData = [post1 dataUsingEncoding:NSUTF8StringEncoding allowLossyConversion:YES];
// [postData length] is an NSUInteger, so use %lu with a cast rather than %d
NSString *postLength = [NSString stringWithFormat:@"%lu", (unsigned long)[postData length]];
NSMutableURLRequest *request = [[[NSMutableURLRequest alloc] init]autorelease];
[request setURL:[NSURL URLWithString:@"http://www.tmipublishing.com/hotcocoa/lasso/add_score_to_database.lasso"]];
[request setHTTPMethod:@"POST"];
[request setValue:postLength forHTTPHeaderField:@"Content-Length"];
[request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
[request setHTTPBody:postData];
// The connection retains itself until it finishes; release it in the delegate callbacks
NSURLConnection *conn=[[NSURLConnection alloc] initWithRequest:request delegate:self];
Couldn't you just perform the request over HTTPS instead? If it's easy to do with an NSMutableURLRequest (I don't know; I'm not a Cocoa dev), it's probably the simplest and most straightforward change. If he's got a jailbroken phone and does in-memory modification of the score, you're screwed anyway, but it should stop a guy with a packet sniffer. It's by no means totally secure, and I guess it might be vulnerable to replay attacks (maybe I'm wrong), but posting the same score over and over again probably wouldn't get you much gain and this isn't banking data we're talking about.
You can auto-generate a post code, which is a unique number that includes [app_id] + [device_id], then encode it and append it to the HTTP request. Then simply decode it and check whether the post code is legal or not on the server before saving the score in the database. It's safer if you encode all data (score, game id, game name, user name...) before sending it to the server.
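The two answers above suggest HTTPS (which hides the body from a sniffer but does nothing against a script that replays or fabricates a request) and a device-bound "post code" the server validates. The block below is an added example, not code from the question or either answer, and it is Python standing in for both the Objective-C client and the Lasso page so it can run offline. It combines the second answer's idea with the checks a server would actually need: the post code is an HMAC over the score fields, device id, timestamp and nonce; the server recomputes it in constant time, rejects stale timestamps and reused nonces (replay), and applies plausibility limits on score and submission rate, which is what the "hundreds of impossibly good scores in succession" case calls for. APP_SECRET, the field names device_id/ts/nonce/sig, max_score and min_interval are all assumptions for the example. One caveat is already stated in the first answer: a secret embedded in the app can be pulled out of a jailbroken device, so the signature raises the bar against scripts but the server-side limits are the part that cannot be bypassed by the client.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, urlencode

# Hypothetical shared secret (not from the original post). The real app would have to
# embed one in the binary; anyone who dumps the binary on a jailbroken device can recover
# it, so this stops scripts, not a determined cheater.
APP_SECRET = b"example-app-secret-not-from-the-original-post"

# Fields covered by the signature, in a fixed order so client and server hash identical bytes.
SIGNED_FIELDS = ("game_id", "game_size", "game_level", "score", "score_string",
                 "name", "place", "device_id", "ts", "nonce")


def canonical(params):
    """Canonical byte string of the signed fields; percent-encoding removes '&'/'=' ambiguity."""
    return urlencode([(k, params[k]) for k in SIGNED_FIELDS]).encode("utf-8")


def sign(params, secret=APP_SECRET):
    """HMAC-SHA256 over the canonical form: this is the 'post code' the server checks."""
    return hmac.new(secret, canonical(params), hashlib.sha256).hexdigest()


def build_post_body(score_fields, device_id, secret=APP_SECRET, now=None, nonce=None):
    """Client side: the form body the app would POST, with device_id/ts/nonce/sig appended."""
    params = dict(score_fields)
    params["device_id"] = device_id
    params["ts"] = str(int(time.time() if now is None else now))
    params["nonce"] = secrets.token_hex(8) if nonce is None else nonce
    params["sig"] = sign(params, secret)
    return urlencode(params)


class ScoreServer:
    """Server side; in the real setup these checks would live in add_score_to_database.lasso."""

    def __init__(self, secret=APP_SECRET, max_skew=300, max_score=1_000_000.0, min_interval=30):
        # max_score and min_interval are hypothetical limits: tune them to the actual game.
        self.secret = secret
        self.max_skew = max_skew
        self.max_score = max_score
        self.min_interval = min_interval
        self.seen_nonces = set()   # replay protection (a database table in production)
        self.last_submit = {}      # device_id -> time of last accepted score

    def verify(self, body, now=None):
        """Return (accepted, reason) for a raw form body; only accepted requests reach the DB."""
        now = time.time() if now is None else now
        params = dict(parse_qsl(body, keep_blank_values=True))
        missing = [k for k in SIGNED_FIELDS + ("sig",) if k not in params]
        if missing:
            return False, "missing field: " + ",".join(missing)
        # Constant-time comparison on bytes so the signature cannot be guessed byte by byte
        # and a non-ASCII sig cannot raise an exception.
        expected = sign(params, self.secret).encode("ascii")
        if not hmac.compare_digest(expected, params["sig"].encode("utf-8")):
            return False, "bad signature"
        try:
            ts = int(params["ts"])
            score = float(params["score"])
        except ValueError:
            return False, "malformed number"
        if abs(now - ts) > self.max_skew:
            return False, "stale timestamp"
        nonce_key = (params["device_id"], params["nonce"])
        if nonce_key in self.seen_nonces:
            return False, "replay"
        if not (0 <= score <= self.max_score):
            return False, "implausible score"
        last = self.last_submit.get(params["device_id"])
        if last is not None and now - last < self.min_interval:
            return False, "too many submissions"
        self.seen_nonces.add(nonce_key)
        self.last_submit[params["device_id"]] = now
        return True, "ok"
```

The signature is checked before anything else so that the replay, timestamp and rate-limit state is only ever updated by requests the app actually produced; the plausibility and rate checks are the ones worth keeping even if the secret leaks, because they run entirely on the server. HTTPS is still worth adding on top, since the signature does not hide the body from a sniffer.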