Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 19637 invoked from network); 11 Feb 2011 23:21:13 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 11 Feb 2011 23:21:13 -0000 Received: (qmail 95535 invoked by uid 500); 11 Feb 2011 23:21:11 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 95482 invoked by uid 500); 11 Feb 2011 23:21:11 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 95474 invoked by uid 99); 11 Feb 2011 23:21:11 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 11 Feb 2011 23:21:11 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of conceptual.inertia@gmail.com designates 209.85.214.180 as permitted sender) Received: from [209.85.214.180] (HELO mail-iw0-f180.google.com) (209.85.214.180) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 11 Feb 2011 23:21:03 +0000 Received: by iwn37 with SMTP id 37so2917643iwn.11 for ; Fri, 11 Feb 2011 15:20:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:date:message-id:subject:from:to :content-type; bh=6VjWgS61mwcSHNof4tZ1w7lGHXXztawZMFnmkOPr/KQ=; b=NMGlmo8cb8c9uqENbaGcTSZclFW+YIIIYR760WAFyRL2G8GM+w4GxdtXEh9bdvPV2Z T4rGmC8IUdmfSupO7iXBCD++IaZ2jd41MezyuYqRhX1yHbtmAYS905R9tgNOWwtvquuY kRSWwYR2AwWLCZVQhptXNhZjmqWw5z/HbB7ak= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=fuyikQjKc6VVtYgE9sByKHrRgCCZNIAV9iasAFkPw9VER98egNr3wSvYC5TeztRjdi 1YNgwAbT49prge0Pnd2oOLzqvi+Ru+QKEX1oOVKL24r5GfsVL0nC2iISXtEin1/J3n1m 7UKIIeU+M2Q62l0VvrFzdm0Z4j2eZbKQS30ow= MIME-Version: 1.0 Received: by 10.42.213.138 with SMTP id gw10mr1441634icb.35.1297466442325; Fri, 11 Feb 2011 15:20:42 -0800 (PST) Received: by 10.42.229.7 with HTTP; Fri, 11 Feb 2011 15:20:42 -0800 (PST) Date: Fri, 11 Feb 2011 15:20:42 -0800 Message-ID: Subject: Couch + desktop game? From: ash oakenfold To: user@couchdb.apache.org Content-Type: multipart/alternative; boundary=20cf30334939672245049c09f2ba X-Virus-Checked: Checked by ClamAV on apache.org --20cf30334939672245049c09f2ba Content-Type: text/plain; charset=ISO-8859-1 Hi, Learning CouchDB and very excited about it. Finally, a DB that makes sense! As a 1st project, I thought I would try making a game (desktop only app). If the player has a bunch of properties (cash, health, energy, etc) in a document, and the server is running locally, what's to stop a player from changing their player stats directly? I don't need super air-tight security (if you're determined to cheat, go ahead) but it would be nice if only the application (game logic) could update the user stats. In my early tests, my app fires up curl in the background to create/update documents. At this point, I'm not worried about end users having curl, or an instance of CouchDB. I also know preventing users from editing documents goes against the grain of Couch, but for a game it would be necessary to restrict access only to the application as a "user". How would I do that? Even if I create an admin account, how would I pass credentials along in curl without it being plainly readable? It's all fuzzy to me right now. Cheers, Ash --20cf30334939672245049c09f2ba--