Java Puzzle Applet - Stopping Cheating

So, you want to have a "high score list", but people figure out that the number of moves is immediately after the ? in the URL. Well, there were a lot of suggestions that were given to me, and here is a list of the various things that can be done to stop those annoying cheaters.

  • Use POST instead of GET, that way the user doesn't see the number that is submitted to the CGI. Thanks to Tom Scheper, I was directed to a site that explains everything about how to add it to your Java program. I won't be adding it, but if someone does, I would certainly accept changes.
  • Use a simple formula to get a different number, like [moves] * 15 + 23, but then people would figure that out too (I tested this theory in 1998).
  • Have the puzzle page generated by a script, and include a unique key that will get returned with the number of moves. Add the key to a file. When the solution page is loaded, check if the key is in the file. If so, delete the key and keep the number of moves. If not, the person is trying the puzzle again and could be trying to modify their number of moves (or they maybe just hit "back" and tried it again).
  • As an extension of the previous idea, have the key be all numbers and a somewhat random length. Add another key to the very end, so the query might look like solution.cgi?moves=174512439872146272651493482629427862, with only the bold 27 being the correct number. You could possibly implement this without the file of keys, but then it is feasible that people would bypass the meager amount of security. I have sample scripts in the full package of the puzzle.
  • You can get an HTML encoder, which would really make people think twice. This is trivially implemented with the above solution, but I didn't do it so you could still read the HTML. With the HTML encoded, it takes a newer browser to decode it, but it is quite secure. Check out for programs that can do it.
  • You can alter the source of the applet that will perform actions you specify, do a certain difficulty level.
Why is "abbreviation" such a long word? Tyler Akins <>
Legal Info