Hi, Learning CouchDB and very excited about it. Finally, a DB that makes sense!
As a 1st project, I thought I would try making a game (desktop only app). If the player has a bunch of properties (cash, health, energy, etc) in a document, and the server is running locally, what's to stop a player from changing their player stats directly? I don't need super air-tight security (if you're determined to cheat, go ahead) but it would be nice if only the application (game logic) could update the user stats. In my early tests, my app fires up curl in the background to create/update documents. At this point, I'm not worried about end users having curl, or an instance of CouchDB. I also know preventing users from editing documents goes against the grain of Couch, but for a game it would be necessary to restrict access only to the application as a "user". How would I do that? Even if I create an admin account, how would I pass credentials along in curl without it being plainly readable? It's all fuzzy to me right now. Cheers, Ash
