Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re: A question about web service security

by dHarry (Abbot)
on Aug 05, 2011 at 13:51 UTC ( #918767=note: print w/ replies, xml ) Need Help??


in reply to A question about web service security

As the context is a web game there is probably money involved. It really depends on how far you want to push it. I advice you to first write down your security objectives i.e. wat are your requirements? You probably need more than establishing who sent the message. (If authentication is the only thing you need you can for example do this with SOAP Headers.) Next you do some threat analysis, e.g. what threats are relevant for you? Then you can start thinking about implementation. If your users perceive the system as unsafe your game will probably be short-lived.

With SOAs being all the rage, and WSs often being part of that, a lot of effort was put into security. I recommend scanning through the book "Improving Web Services Security" although this is MS based it gives a lot of useful information, e.g. architectures, security patterns etc.

Cheers

Harry


Comment on Re: A question about web service security
Re^2: A question about web service security
by PerlOnTheWay (Scribe) on Aug 05, 2011 at 14:08 UTC

    The entire process is that you play an interesting game, and there're many tasks in the game. Each time you finish a task, your refos will increment.

    It's impractical to interact with server side for every mouth movement/click in a mouth movement/click intensive web game...

      It's impractical to interact with server side for every mouth movement/click in a mouth movement/click intensive web game...

      Of course it is and I didn't suggested to follow that approach! I assume you keep some sort of state and after finishing a task communicate it to the web server.

        The problem rises when you are doing the report, there's no way to check whether it's telling the truth .

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://918767]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (8)
As of 2014-07-31 06:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (245 votes), past polls