incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ash oakenfold <>
Subject Couch + desktop game?
Date Fri, 11 Feb 2011 23:20:42 GMT

Learning CouchDB and very excited about it. Finally, a DB that makes sense!

As a 1st project, I thought I would try making a game (desktop only app). If
the player has a bunch of properties (cash, health, energy, etc) in a
document, and the server is running locally, what's to stop a player from
changing their player stats directly? I don't need super air-tight security
(if you're determined to cheat, go ahead) but it would be nice if only the
application (game logic) could update the user stats.

In my early tests, my app fires up curl in the background to create/update
documents. At this point, I'm not worried about end users having curl, or an
instance of CouchDB. I also know preventing users from editing documents
goes against the grain of Couch, but for a game it would be necessary to
restrict access only to the application as a "user". How would I do that?
Even if I create an admin account, how would I pass credentials along in
curl without it being plainly readable? It's all fuzzy to me right now.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message