I'm in the business of creating small flash-games. Over the years if had
lots of users try to cheat in these games - or rather - around these games,
by sniffing the posts made from the flash-app to the backend, and then
recreating these posts manually with a much higher score.

The games are small, and if eny, the prizes involved are very small as well,
but it still annoyes me a great deal that i am not able to get the better of
these jokers.
So fare i'm just using some elaborate math to scramle the gameresult before
submitting it, and then serverside unscramle them again.. if the result of
this unscrambling is not satisfactory, the score is not saved.
I'm well aware of the fact that my swf-file can be decompiled and the
elaborate math thereby being discovered and replicated, but moste of the
hacks i am experiencing is just people sniffing posts and recreating them.

I'v tried to figure out a more secure (not 100% i know) scheme using
sessions, cookies, tickets etc. But i cant seem to do it...

I'm quite interesting in hearing what you guys do in similar situations.

Thank you for your time,

Peo

Yes, security remains an issue.

What i do is the following(in asp.net)

1) use the getReferrer to check where the scripts are coming from. Say they
use their own script to post variables to your script, the url of it will be
different. So as long as the url referrer is not from your domain, dun allow
the posting

2) have a different movie that connects to your scripts. Use loadMovie at run
time to load it and use it to send variables to your server. This is not fool
proof, but it make things difficult for them to find the right file to decompile

there is no fool proof method as long as there is decompiler around, even with
Flash remoting, as long as there is a decompile and they get ur movie, there is
always ways to hack. =\