Send/receive data from MySQL external

Solar2D Lua Language
#1

Hi, I need a simple ranking with only this:

Name - Points

In a table MySQL with the columns.

I have this code (i’m new in corona, sorry xD)

local json = require ( "json" ) local myNewData local decodedData local function networkListener( event ) if ( event.isError ) then print( "Network error!" ) else myNewData = event.response print ( "From server: " .. myNewData ) decodedData = ( json.decode( myNewData ) ) timer.performWithDelay(10, function() end, 1) end end local function uploadScore() puntos = "80000" nick = "nickTEST" network.request( "http://xxxxxxx.es/json.php?nick=" .. nick .. "&total=" .. puntos, "POST", networkListener ) end uploadScore()

Ok, this works for upload because I only call to URL and with GET update the table…

But… Hackers can fuck my scores in less than 1 sec xD

How can I do it, with more security, only need this, upload score, and maybe some day download scores.

#2

For a start use SSL to connect to your database.  Look into encrypting your requests using the crypto library

#3

Normally you’d build a verification hash into your request. Define a seed of some sort into your code, that only you know, and concatenate that and the other parameters into a string to create an encryption hash from, then pass the resulting hash as another parameter.

On the server side, use the same seed concatenated with the other received values to reproduce the hash. If the result matches the hash that was submitted, you know the data wasn’t tampered with.

#4

Yep, exactly the logic I use.

#5

For a start use SSL to connect to your database.  Look into encrypting your requests using the crypto library

#6

Normally you’d build a verification hash into your request. Define a seed of some sort into your code, that only you know, and concatenate that and the other parameters into a string to create an encryption hash from, then pass the resulting hash as another parameter.

On the server side, use the same seed concatenated with the other received values to reproduce the hash. If the result matches the hash that was submitted, you know the data wasn’t tampered with.

#7

Yep, exactly the logic I use.