My plan was to add a 'buy items' page within AS3 using PayVault, which works incredibly well, and the object purchase is successful. The issue that I am having is that the user needs to be able to see the item prior to joining a room, and straight after logging into the flash app.
I have successfully implemented this using the following function on login:
```actionscript
if(client != null){
    // Pull the current vault contents from PayVault
    client.payVault.refresh(function(){
        if(client.payVault.items.length > 0)
        {
            trace("we have coins to add. TODO: Show an acknowledgement / thankyou message");
            client.bigDB.loadMyPlayerObject(function(o:DatabaseObject)
            {
                var oldBalance:int = int(o["totalscore"]);
                trace("Old balance: " + oldBalance);
                // Each purchased item's key is added to the balance as a number
                for each(var itemToAdd in client.payVault.items)
                {
                    trace("found and adding " + itemToAdd["itemKey"]);
                    oldBalance += int(itemToAdd["itemKey"]);
                }
                trace("new balance " + oldBalance);
                o["totalscore"] = oldBalance;
                // This client-side save is what requires write permission on the "public" connection
                o.save(true, false, function()
                {
                    // We have successfully saved the new balance to the DB so we can go through the items and consume them
                    client.payVault.consume(client.payVault.items);
                }, handleError);
                chipsLobby();
            }, handleError);
        }
    }, handleError);
}
```
My concern though is that in order for the o.save() to work, I need to make the permissions on my BigDB "public" connection read/write. Is this going to be a security issue?
I would like to know: What methods are there to prevent a user sniffing for database related packets and then creating his own code to modify the "totalscore" table. SSL isn't going to help here as it will be the same user creating and encrypting the packets that intends to modify them so he will have full access.
Do I need to refactor my code to ensure that the "totalscore" table is only accessible from server-side code?
Does anyone have an example of how I would do that?
One thing which would be very useful for me:
Is it possible to access another user's PlayerObject from C#?
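
Added example, not part of the original post: one way to move the crediting into server-side room code, so that the "public" connection no longer needs write access to the PlayerObject. It is written against the Player.IO server-side C# library (`PlayerIO.GameLibrary`) as an assumption about that API; the room type `CreditRoom` and the `balance` message are hypothetical names, and the call signatures should be checked against the SDK in use.

```csharp
using System.Collections.Generic;
using PlayerIO.GameLibrary;

public class Player : BasePlayer { }

// Hypothetical room type that the client joins right after login.
[RoomType("CreditRoom")]
public class CreditRoom : Game<Player> {
    public override void UserJoined(Player player) {
        // Read the vault from the PayVault service; nothing the client sends is used.
        player.PayVault.Refresh(delegate() {
            List<VaultItem> coinItems = new List<VaultItem>();
            int credit = 0;
            foreach (VaultItem item in player.PayVault.Items) {
                int value;
                // As in the post, the item key is the number of points to add.
                if (int.TryParse(item.ItemKey, out value) && value > 0) {
                    coinItems.Add(item);
                    credit += value;
                }
            }
            player.GetPlayerObject(delegate(DatabaseObject o) {
                if (credit == 0) {
                    // Nothing to credit: just report the stored balance.
                    player.Send("balance", o.GetInt("totalscore", 0));
                    return;
                }
                int newBalance = o.GetInt("totalscore", 0) + credit;
                o.Set("totalscore", newBalance);
                o.Save(delegate() {
                    // Consume only after the save succeeded, as the client code did.
                    player.PayVault.Consume(coinItems.ToArray(), delegate() {
                        player.Send("balance", newBalance);
                    });
                });
            });
        });
    }
}
```

With the balance written only here, the client reads `totalscore` and never saves it. If `Consume` fails after `Save`, the same items remain in the vault and would be credited again on the next join, so that path needs its own error handling.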