I've almost got a complete rewrite of UberTube working (http://ubertube.tevlog.com, for those who missed the original), but am facing a dilemma. Using a simple "add_score.php?name=Bob&score=1023", allows anyone with a packet tracer to hack the scoreboard in five minutes. To solve this, I added a simple encryption system, where the compiled client contained an embedded private key, stored as a constant, used to encode scores. This number was removed from the source code when released.
Of course, this means that I need to compile the code (or send it to trusted others) for every platform I want to have high scores, and modify it slightly before releasing the code. So, my question is: Can anyone think of a scheme that would stop most script kiddies from hacking the scoreboard, even while they have full access the full source code? I would like to be able to release ALL of the code this time around, but I still cannot think of a way which does not result in a highly vulnerable score board.