The problem is if some gets banned they can typically store
the last string via a sniffer and re enters the game, thus causing
SSL is out of the question due to MUS and shockwave stuff not
working well under that. This is only to protect the login part.
We had a few experiments like encrypting a time stamp and
comparing it with the one they logged in. It works, but the problem
is if the sniffer captures that it will not matter. The time stamp
I was thinking about using Director Time to match it but
the users computer not the server. So there are issues there.
So it seems like what every method we think of it is
difficult to protect the login because even if it is encrypted they
just have to get in the first time and repeat the same string.
Any suggestions? I am sure this has come up a few times.