http://www.perlmonks.org?node_id=918767


in reply to A question about web service security

As the context is a web game there is probably money involved. It really depends on how far you want to push it. I advice you to first write down your security objectives i.e. wat are your requirements? You probably need more than establishing who sent the message. (If authentication is the only thing you need you can for example do this with SOAP Headers.) Next you do some threat analysis, e.g. what threats are relevant for you? Then you can start thinking about implementation. If your users perceive the system as unsafe your game will probably be short-lived.

With SOAs being all the rage, and WSs often being part of that, a lot of effort was put into security. I recommend scanning through the book "Improving Web Services Security" although this is MS based it gives a lot of useful information, e.g. architectures, security patterns etc.

Cheers

Harry

Replies are listed 'Best First'.
Re^2: A question about web service security
by PerlOnTheWay (Monk) on Aug 05, 2011 at 14:08 UTC

    The entire process is that you play an interesting game, and there're many tasks in the game. Each time you finish a task, your refos will increment.

    It's impractical to interact with server side for every mouth movement/click in a mouth movement/click intensive web game...

      It's impractical to interact with server side for every mouth movement/click in a mouth movement/click intensive web game...

      Of course it is and I didn't suggested to follow that approach! I assume you keep some sort of state and after finishing a task communicate it to the web server.

        The problem rises when you are doing the report, there's no way to check whether it's telling the truth .