On Sat, Feb 12, 2011 at 12:20 AM, ash oakenfold <[email protected]> wrote: > > for a game it would be necessary to > restrict access only to the application as a "user". How would I do that?
I just released my first couchdb game and have been grappling with the same question. Here are a few thoughts. Client-side you can't stop anybody seeing the app's login data and using curl to change their scores, posing as the app. You can prevent revealing credentials server-side...BUT, then it would be just as easy to send false score data to the server, using the same method the app does. The only way I can think of, is to not reveal the correct responses on the client-side. The client only sends user responses and has no clue of the answers, then server-side check the response, and update the scores. But that means informing the app whether the response was correct and waiting for the server response...slows down or stops game flow. Another way, if correct responses are concealed, is to store all player responses, and then have a verification procedure to check that scores were attained correctly. Maybe after each level. I don't see any way of achieving it for a desktop app. Encrypting the data means the key is visible in the code, and then it's easy to decrypt. IMO, it all depends on the type of game. If its sole purpose is social competitiveness, then many players may look for cheats, which may hurt the game's reputation. But if the main reason for playing is to test one's own knowledge or skills, then the player has little gain in cheating. If anybody can think of another way please share it. Marcus
