Just to qualify this, I'm not building any games, but it has occurred to me that there is a challenge in building a secure High Score Service for games.
I'm now of the opinion that it is probably such a challenge for the average casual game developer that it is probably worth someone developing a service (and library code) for other casual game developers to use.
Here is the reason it is a challenge. If you implement a simple service where the Silverlight Application simply sends back the high score to the server, it is easily manipulated.
Just grab Fiddler, capture the request, modify the high score, and send it back.
So now to stop this sort of attack you need to bring in lots more mechanisms.
Some thoughts are:
- Capturing of in-game data
- Hashing with GameId
- Hashing with SessionId
I guess it depends how far you want to go: total security, or enough of a deterrent.
Even if the request is encrypted and cannot be tampered with, you could reflect the game and work out the logic.
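A server-side sketch of the mechanisms listed above, as an added example that is not part of the original post: the server issues a one-time SessionId and per-session key, verifies an HMAC over GameId, SessionId and score, and then checks the score against captured in-game data (here only elapsed play time). The plausibility check is the part that still holds once the client logic has been worked out, since the key lives in the client. `ScoreService`, `MAX_POINTS_PER_SECOND` and the message layout are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time

# Assumed, game-specific limit used for the plausibility check.
MAX_POINTS_PER_SECOND = 50


class ScoreService:
    """Hypothetical high score service; all names here are constructed."""

    def __init__(self):
        self.sessions = {}  # session_id -> (game_id, key, start_time)

    def start_session(self, game_id, now=None):
        """Issue a one-time SessionId and per-session key when a game starts."""
        session_id = secrets.token_hex(16)
        key = secrets.token_bytes(32)
        started = time.time() if now is None else now
        self.sessions[session_id] = (game_id, key, started)
        return session_id, key

    @staticmethod
    def sign(key, game_id, session_id, score):
        """Tag the client sends: HMAC-SHA256 over GameId, SessionId and score."""
        msg = f"{game_id}|{session_id}|{score}".encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def submit(self, game_id, session_id, score, tag, now=None):
        """Return (accepted, reason). A session is consumed by its first submit."""
        session = self.sessions.pop(session_id, None)  # pop rejects replays
        if session is None:
            return False, "unknown or already used session"
        expected_game, key, started = session
        if game_id != expected_game:
            return False, "game mismatch"
        expected = self.sign(key, game_id, session_id, score)
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False, "bad tag"  # score or ids were modified in transit
        # A correctly signed score must still fit the recorded play time.
        elapsed = (time.time() if now is None else now) - started
        if score < 0 or score > elapsed * MAX_POINTS_PER_SECOND:
            return False, "implausible score"
        return True, "ok"
```
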
I will ponder this some more, however