incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wordit Ltd <>
Subject Re: Couch + desktop game?
Date Sat, 12 Feb 2011 13:48:30 GMT
On Sat, Feb 12, 2011 at 12:20 AM, ash oakenfold
<> wrote:
> for a game it would be necessary to
> restrict access only to the application as a "user". How would I do that?

I just released my first couchdb game and have been grappling with the
same question. Here are a few thoughts.

Client-side you can't stop anybody seeing the app's login data and
using curl to change their scores, posing as the app.
You can prevent revealing credentials server-side...BUT, then it would
be just as easy to send false score data to the server, using the same
method the app does.

The only way I can think of, is to not reveal the correct responses on
the client-side. The client only sends user responses and has no clue
of the answers, then server-side check the response, and update the
scores. But that means informing the app whether the response was
correct and waiting for the server response...slows down or stops game

Another way, if correct responses are concealed, is to store all
player responses, and then have a verification procedure to check that
scores were attained correctly. Maybe after each level.

I don't see any way of achieving it for a desktop app. Encrypting the
data means the key is visible in the code, and then it's easy to

IMO, it all depends on the type of game. If its sole purpose is social
competitiveness, then many players may look for cheats, which may hurt
the game's reputation. But if the main reason for playing is to test
one's own knowledge or skills, then the player has little gain in

If anybody can think of another way please share it.


View raw message