i'm writing mobile game user sends highscore php server.
i want verify in server http request comes mobile devices. want refuse calls malicious user may send via curl or other http clients fake score.
what standard, usual way of doing this?
i thought encript http message in mobile client, need release binary encription key, retrieved if decompiled.
thank you.
take @ this:
https://github.com/serbanghita/mobile-detect
it pretty accurate, won't stop clients faking user-agent.
generally best way not let client make decisions.
take game eve online example. every action make sent user action server, server validates action , makes appropriate decision. if server relied on client decide how damage ship doing, game subject no end of trainer hacks.
Comments
Post a Comment