    <p>There is no way to make this 100% secure since you have no way of verifying where a request came from, but there is a way to make it slightly harder to hack the highscores. It's still basically security through obscurity but it requires digging into the actual app binary rather than just looking at the network connections.</p> <p>First, pick a "password" for your app. Instead of sending just the score, also send a cryptographic hash (say, SHA-256 or something) of the password concatenated with the score. On the server side, recalculate the hash of password concatenated with score and check if this matches the submitted hash. If it does not, reject the score submission. Now this is somewhat more secure than the initial approach because looking at the requests the app makes does not enable you to forge scores. However, looking into the binary code of the app will still allow an attacker to recover the password and forge score submissions, but this is very involved and probably good enough for your purposes.</p> <p>Of course, this does not rule out being able to duplicate a score (once the proper hash is known, you can submit a score as many times as you want). If you even want to prevent this, submitting a score would have to go like this: request (random) ID number from server, hash score + ID + password, submit the score + hash, the server then checks whether this hash is good. The server needs to remember the ID number so this is a little more involved to program. A simpler solution would be to associate each score with the player's name, and only allow 1 score per player. Then you could hash password + name + score.</p>
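
The ID-based submission flow described in the answer above, as an added example that is not part of the original answer. It swaps the plain hash of concatenated values for HMAC-SHA256 over length-prefixed fields; `APP_SECRET`, `sign_score` and `ScoreServer` are hypothetical names, and the secret is a constructed value.

```python
import hashlib
import hmac
import secrets

# Assumption: the "password" shipped inside the app binary (constructed value).
APP_SECRET = b"constructed-demo-secret"


def sign_score(secret: bytes, submission_id: str, name: str, score: int) -> str:
    """Client side: tag = HMAC-SHA256(secret, id | name | score)."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = [submission_id.encode(), name.encode(), str(score).encode()]
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class ScoreServer:
    """Hypothetical server: issues one-time IDs and verifies submissions."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = set()  # IDs issued but not yet redeemed
        self.scores = []       # accepted (name, score) pairs

    def issue_id(self) -> str:
        submission_id = secrets.token_hex(16)
        self._pending.add(submission_id)
        return submission_id

    def submit(self, submission_id: str, name: str, score: int, tag: str) -> bool:
        # Unknown or already redeemed ID: reject, which blocks replayed scores.
        if submission_id not in self._pending:
            return False
        expected = sign_score(self._secret, submission_id, name, score)
        # Constant-time comparison avoids leaking how much of the tag matched.
        if not hmac.compare_digest(expected, tag):
            return False
        self._pending.discard(submission_id)  # each ID is redeemed exactly once
        self.scores.append((name, score))
        return True
```

The secret still ships in the client, so this only stops forgery and replay by someone watching network traffic, the same limit the answer states.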