Guys, I have to pass numerical information from a C# application to a PHP function with a minimum of security.
I have to pass the points of my application (game) to the database and, to prevent a malicious user from changing his score, I want to add the Base64 function when sending it from one code to the other.
I also need some kind of key string that only the application and the function have, to ensure that no one can maliciously change the data through the URL, and I do not know how to do this, neither in C# nor in PHP. How do I do it?
I know only a little PHP, and my C# coworker, in PHP, only knows how to get this far:
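<?php
// Read the player id and the Base64-encoded score from the query string
$id_jogador = mysql_real_escape_string($_GET['id_jogador']);
$pontos = mysql_real_escape_string($_GET['pontos']);
// Decode the score and print it
$pontos = base64_decode($pontos);
echo $pontos;
?>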
How do I add from here, or in the middle of this, a key string that also exists in my friend’s C# application, so that it can ensure perfectly safe communication between the two codes?
mysql_real_escape_string is an obsolete function and was removed from PHP 7, not a good start. – rray
Can’t the game communicate directly with the database? Do you really need to go through a PHP script to save to the database?
– Marcelo de Andrade
You can use OpenSSL, which is a library that you will easily find in both PHP and C#. You can use a key that only the PHP and C# applications know, transmit this data, and only open it at the destinations.
– SK15
If data is received from the client, you cannot trust it 100%, no matter what the client does. But assuming your application has a secret key (and the user doesn’t have root on his device - being able to see this key) shared with your server, what you need to do is sign the data sent and attach the signature to the request. On the server, you check the signature, rejecting the request if the signature is not valid. Remember to include the player id in the signature, otherwise one player can change another player’s score!
– mgibsonbr
Note: You can use asymmetric encryption (RSA, ECDSA) to make this digital signature - and in this case, @SK15’s suggestion to use OpenSSL is a good one, I don’t know if there are better ones - but you can also choose to use symmetric encryption. In this case, there would be a single secret value shared between the server and the application, and the signature mode you would use is called a MAC. Look for HMAC; surely there are functions in both PHP and C# that do this.
– mgibsonbr
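Added example, not part of the original thread: a PHP sketch of the HMAC approach described in the comments above, signing the player id together with the score and verifying it on the server. The `sig` parameter, the `SHARED_KEY` constant, the function names and the `|` separator are assumptions made for illustration, and `pontos` is assumed to be sent as a plain integer rather than Base64.

```php
<?php
// Added example: HMAC-SHA256 over "id_jogador|pontos", verified server-side.
// SHARED_KEY is a constructed placeholder; a real key must be random and
// stored outside the source tree.
const SHARED_KEY = 'constructed-demo-key-do-not-use';

// Canonical message. Both fields are validated as integers before signing,
// so the "|" separator cannot be smuggled inside a field.
function score_message(int $idJogador, int $pontos): string
{
    return $idJogador . '|' . $pontos;
}

// The value the C# client would compute (for example with HMACSHA256)
// and send as the hypothetical "sig" parameter.
function sign_score(int $idJogador, int $pontos, string $key): string
{
    return hash_hmac('sha256', score_message($idJogador, $pontos), $key);
}

// Returns [id_jogador, pontos] when the signature is valid, null otherwise.
function verify_score(array $params, string $key): ?array
{
    $id  = filter_var($params['id_jogador'] ?? null, FILTER_VALIDATE_INT);
    $pts = filter_var($params['pontos'] ?? null, FILTER_VALIDATE_INT);
    $sig = $params['sig'] ?? '';
    if ($id === false || $pts === false || !is_string($sig)) {
        return null;
    }
    $expected = sign_score($id, $pts, $key);
    // hash_equals compares in constant time, avoiding a timing side channel.
    return hash_equals($expected, $sig) ? [$id, $pts] : null;
}

// Constructed sample requests (the real script would pass $_GET instead).
$good = ['id_jogador' => '42', 'pontos' => '1500'];
$good['sig'] = sign_score(42, 1500, SHARED_KEY);

$tamperedScore  = ['pontos' => '999999'] + $good; // score changed in the URL
$tamperedPlayer = ['id_jogador' => '7'] + $good;  // another player's id

var_dump(verify_score($good, SHARED_KEY) !== null);           // untampered request
var_dump(verify_score($tamperedScore, SHARED_KEY) !== null);  // altered score
var_dump(verify_score($tamperedPlayer, SHARED_KEY) !== null); // altered player id
```

The signature only shows that the id and score were not altered after signing; an unchanged signed request can still be replayed, and the key remains exposed to anyone who can extract it from the client.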