I'm looking for secure ways to pass data between a client running Flash and a server. The data in question will be generated BY the Flash app, which in this case is your score after finishing a game. I want to verify the data is untampered on the server. What are some good methods of getting this done?
One simple way is to perform some operations on the data such as a hash, and pass the hash back to the server along with the data. This is easily broken by someone with access to the client source code, however.
Edit: I realize that nothing will be unhackable, but I want to make it as difficult as possible. @jcnnghm's solution of encryping data with a public key and optionally doing sanity-checks and/or recalculation with the game logs is the best option I think. SSL encryption is also a good idea as this makes it more difficult to decipher what's actually being sent back to the server.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…