Securely transferring data to online database

[Pieps]

Oi,

This is more for reference if anything rather than directly seeking advice(as it's a tad on the troublesome size to answer within here I presume). I'm looking to make a database through, for example, MySQL and securely so.

Not like you just check your outgoing connection and change "vscore=cocks" in the sent data as you desire, like decrypt it somehow(or however that's suppose to work, I'm a total layman to it). Now I'm a bit of a poor slob so I've got but gamemaker 8.

Tried searching for tutorials, and amongst the very sparse few none did the job. So I'm looking for someone who could link me to a good tutorial I could possibly use, or explain what I need to do really superficially so I've at least got a starting point.

Thanks boys

 

[Zekka]

Maybe you already recognize this, but below is, unfortunately, a protocol that can't be made completely secure:

- Client: Server, this is my high score. Please accept it. Thanks.
- Server: Accepted.

There's no way at all to verify that people won't change the client's message, because it's generated by code running on their computer. Even if you encrypt the client's message, it will be possible for the game's user to modify the game to send your new message using its old encryption. This is the same as the cat-and-mouse game you get with DRM.

This is a protocol that can be made secure:

- Client: Server, this is my high score, and a log of the game activity that produced the high score. Thanks.
- Server: One moment.
- Server runs an instance of the game and verifies that the game activity really was possible and could have produced the high score.
- Server: I believe that you really did do that. Accepted.

The trick here is that encryption isn't what gives you complete security, when you're knowingly communicating with someone you can't trust. Encryption makes it harder to snoop, but when a user runs the code on his own machine, there is no way to hide the crypto key very well. You can only get complete security by refusing to trust anything the client sends you unless you verify it yourself.

(There's still other ways the client can trip you up, of course -- they can make the game run at 1FPS, play it frame-perfectly, then send your server back a log that reflects sped-up gameplay. But at least your scores will reflect actual, played games.)



In practice, the secure version is hard to implement, so you have some options:

- You can IP-ban any user the first time they produce invalid input. This will not stop very dedicated users but it will stop people who just wanted to see if they could do it.
- You can use a protocol like TLS to guard your message. (I don't know if Game Maker currently supports TLS.) This gives you encryption, but like I said, doesn't make the client trustworthy.
- You can manually vet the high scores table and ban anyone whose scores are obviously crap.

I think doing all three will probably mean your high scores table will not be full of junk, even if it doesn't make your high scores table absolutely safe.

If you want specifics on implementing the server side of the high scores system and not just the security part, could you indicate that in your next post? It wasn't clear to me if that was something you were able to do.

 

[johnwo]

I did something similar once, using C++ (client-side) and PHP (server-side) with a public-key cryptography scheme.

It basically went like this:

• Client encrypts info using the server public key.
• Send the info to server which in turn decrypts the information.
• Server then stores the information.

All done over SSL (not sure if that is supported).
This is very much doable in GM8 with a (couple of) DLL(s)/GEX(s).

Sanity checking the data is another factor that is important.
That is, checking that the data hasn't been tampered with in any way, and that it is valid.
There are a number of ways of doing this (salted checksums to name one, albeit insecure).

Also, implementing a "timed encryption key" is a good way of preventing tampering.
The server sends the client a key, allowing the client to encrypt and send some data, but the server only accepts the data if it was sent within a certain timeframe (500ms or so, preferably less) after the key was generated.
This way, hackers have much less time to manipulate data.
There is of course a way around this as well, but it'll make it a hell of a lot harder/laborious to manipulate the data sent to the server.

Good luck!

Cheers!

 

[Zekka]

If you've already foregone the completely secure solution of having the scores server run the game itself, johnwo's tips are good additions to the "just crypto" family of insecure solutions.

(reiterating, I don't blame you if you want to forego the completely secure solution so long as you're aware that's what you're doing)