[Tutor] Re: newbie intro to pickle

[Andrei]

Lee Harr <missive <at> hotmail.com> writes:

> Now my question is how do you keep people from just loading
> the high score file with whatever scores they want?

I'd say this is impossible particularly with Python, because cheaters could
always look in the source and find out whatever you're doing to the scores and
if they can't get around it, they can certainly feed that routine bogus scores
and get valid (but cheated) score files. Cheating happens even with
closed-source games.

The only reliable way of scoring is to have an application which both runs and
keeps scores on computers you control (i.e. an online in-browser game), without
relying on cookies or any other form of client-side data.

If you just want to keep casual tinkerers from playing with a plain text scores
file, simple safeguards would suffice, like:

- writing a MD5 hash of the scores list along with the scores themselves. If the
scores are modified and the MD5 isn't, the two won't match.

- implementing some trivial obsfucation (as opposed to real encryption)
algorithm which you could apply to the data before writing it. You could for
example use the zlib module for this (compress the result of pickle.dumps and
decompress the string read from file before feeding it to pickle.loads). The
result will look tremendously ugly and scary, plus it will save a few bytes in
storage space if you're lucky :).

- storing the scores in a bsddb (it can be modified by hand, but it looks quite
scary and mistakes might lead to breakage)

It's quite obvious though that no method is good enough if you attach any kind
of value to high scores, by e.g. posting the highest scores on your webpage.

Yours,

Andrei