Security concern for miscreants using "posters" to modify gamestate

[Forns]

Dondi and I were discussing this issue and are concerned that anyone with ill intent may use a poster, like the Firefox poster, as a means of messing with the K'tah gamestate. This gives cheaters the capacity to return their player to full health, give themselves massive scores, or manipulate anything that functions from our Ajax calls.

One solution providing a sufficient amount of security would be to use an MD5 hash-key sent to, then expected from, a client with each get-post cycle; the key would be different each time, and would thwart almost all attempts to mess with the game.

Perhaps David could comment more on this with his experience in the MVC world, but a simple implementation may not be out of the question, nor would there be a whole lot of resultant overhead.