hey I am developing a game and I would like to know how to put the highscore online. I am not sure what to best method to do this is so I am jus tgoing to leave my question broad.
I just registered for this forum in order to ask precisely that question. I made a Java Applet and I would like to save the high scores and associated names on the web server. Please help.
I was having dificulty with PHP so I tried just editing a text file. I am able to read the file and get the info. but how do I write back into it.
Err… that tutorial seems to indicate that you should both include the name and password for the mysql user in the game client AND send it over unencrypted network. That is very very stupid, do not do that.
Additionally, a naive highscore implementation like that WILL get “hacked” in a matter of days. You’ll get people with scores of 9999999999 and names like “hax0rman”.
Unfortunately, verifying that a highscore is legit is not an easy problem to solve.
Just saw the topic,
I used php and mysql to implement a high score board. Its takes a bit to code but its well worth it. Php is actually very easy to understand, just follow some online tutorials on it and you can pick it up in no time. As for Mysql, the best tutorial I found was at http://www.developer.com/java/data/article.php/3417381
Where they describe Mysql, how to download it, install it along with the j connector and get java working with it.
As for hacking the scoreboard, for my site, you must be a member to view the board and play the game, so if it gets hacked, at least youll know who did it, hehehehe.
You can always put JDBC in your game and then just have the scores sent that way. Similarly you can (as people have mentioned) open up a website from your Java game that is a PHP page, and pass it scores and username with some sort of encryption. I would recommend doing the former if you don’t mind having JDBC in your package.
The problem with JDBC is, that it could be difficult to find a public server that exposes the database ports to the net. Also not using http will cause problems for people behind a proxy. Writing a simple php (or jsp if available) seems the best option to me.
[quote=“Demonpants,post:7,topic:32909”]
No. Do not do this. This is even worse than what I warned against before.
Not only do you have to reveal the user name and password for the database user, you also have to expose the database to the public internet. Do not ever ever do this!
Additionally, no amount of encryption will help[*]. If the client is capable of doing something, the end user is capable of finding out how the client did it, since he has the client files on his computer.
[* Encrypting data traffic will help somewhat against people doing simple network snooping, but it’s still The Wrong Way to Go]
To re-emphasise, don’t do it! Ever! I have actually been destroyed rather painfully for making this mistake. The layer of php acts as a reasonable limitation of what can/can’t be done from the game.
A good way to validate scores is “record” the game activitiy - what was shot and when, what actions were taken - and then validate that the actions given would result in a score somewhere near the score submitted. It’s a bit of a chore, but goods “pretty good” protection. If a hacker can be bothered to simulate a game to get the high score then they probably deserve the top score
Another nice touch I saw someone do is to, when a fraud has been detected, record the user’s remote IP. When they access the scoreboard again show them a score board that appears to have been hacked with their score present. This seems to convince the typical script kiddie that they’ve succeeded and they toddle off never to bother you again. The real score board of course remains intact and everyone else see only valid scores
Kev
I would do a PHP but I dont got admin privelages I may try to make a servlet is this a good idea. I would have to get wervlet JDK is this easy?
You shouldn’t need admin privs to just use PHP.
You proabably would to run Tomcat to host your servlet if they’re not already running it.
Kev
dont I need to install PHP?
Where are you hosted? Web hosters usually provide a php server along with the webspace they sell. Normally you have a subdir in your home where you can place your php-files. If you have a directory where you place your html-files, just try to create a “helloworld.php” with the following content in there:
<html>
<body>
<?php
echo "Hello World";
phpinfo();
?>
</body>
</html>
and open it like you would open a html-page in the bowser.
I tried that and it ddnt work. my provider is sites.google. It is free so it is probably bad
do I make that a fiel ro do i jsut put that into the webpage?
Ahem, yes I didn’t notice that :persecutioncomplex:
I was writing a long post about it and then just before posting I saw this tutorial which seemed to explain the same thing… But yes absolutely, sending your database username/password over the net is a bad idea.
Anyway, the tutorial still explains the basic idea, just hardcode the MySQL username/password in the PHP script so you don’t have to send it from your java client.
It’s still not secure, but at least you won’t open up the complete MySQL server on the net.
If that works, you can start securing your highscores.
If you keep your PHP config file outside of your public_html folder and then include it from a php file within the public_html folder, it becomes much more difficult for people to hack to it and see what it contains.
Excuse my ignorance, but is it possible to get the contents of a PHP script from outside the server then?
Shouldn’t be if your web server is configured correctly.
Kev
They provide free PHP hosting with 1 MySql database. They also have the mime types properly configured to host webstartable apps.