Have just added a new guide to our Knowledge base
How to prepare graphics for the development of iPhone application
[click the link above to access the most up to date version of the document in Injoit's Knowledge Base]
This might be useful for our clients - helps to save both their and developers’ time.
Posting current version here:
I was reading stackoverflow and found one great idea on making client-server based high scores system for your iPhone games so as this is something we would need to develop soon, I’m posting it here so not to forget and I’ll update this post when we come up with our own solution. Actually I had a similar idea but benzado has formulated it nicely so here it is:
One idea that might be Good Enough:
- Let Secret1, Secret2, Secret3 be any random strings.
- Let DeviceID be the iPhone’s unique device ID.
- Let Hash(Foo + Bar) mean I concatenate Foo and Bar and then compute a hash.
Then:
- The first time the app talks to the server, it makes a request for a DevicePassword. iPhone sends: DeviceID, Hash(DeviceID + Secret1)
- The server uses Secret1 to verify the request came from the app. If so, it generates a DevicePassword and saves the association between DeviceID and DevicePassword on the server.
- The server replies: DevicePassword, Hash(DevicePassword + Secret2)
- The app uses Secret2 to verify that the password came from the server. If so, it saves it.
- To submit a score, iPhone sends: DeviceID, Score, Hash(Score + DevicePassword + Secret3)
- The server verifies using Secret3 and the DevicePassword.
The advantage of the DevicePassword is that each device effectively has a unique secret, and if I didn’t know that it would make it harder to determine the secret by packet sniffing the submitted scores.
Also, in normal cases the app should only request a DevicePassword once per install, so you could easily identify suspicious requests for a DevicePassword or simply limit it to once per day.
Disclaimer: This solution is off the top of my head, so I can’t guarantee there isn’t a major flaw in this scheme.
Written by benzado
Currently, I’m trying to figure out the best way to make online highscores system for our clients without having to invent the bicycle. It seems however there is no great solution yet. I was looking into OpenID but the evidence that at the moment it doesn’t allow easy automated identification using the iPhone’s deviceId feature:
http://factoryjoe.com/blog/2008/01/13/the-openid-mobile-experience/
http://openid.net/pipermail/specs/2009-January/002688.html
so likely we will come up with our own solution something like Benzado mentioned above
In the middle of December Injoit has had a very special occasion - we’ve been visited by our important client from France, Mr Nicolas Gallé.
Mr Gallé is a president of Frantsia SAS and Injoit has developed a real estate B2C web portal, www.frantsia.ru for Frantsia. This has been a serious and interesting project which is still growing and developing and we continue our collaboration with Frantsia and Mr Nicolas Gallé.
It was fantastic to meet in person with a client who you’ve only heard over phone and you’ve spent many hours on Skype with discussing various project details. All the staff of Injot was delighted to meet Mr Gallé and is very greatful to him for visiting Kharkov as Mr Gallé has been initially on a business trip to Moscow and arranged a trip to Kharkov just to meet our team.
We value such relationships with our clients a lot and look forward to more friendly visits of this kind.
Alex and Vladimir showing Nicolas one of the iPhone projects being in development
Nicolas Gallé with Injoit team
Nicolas Gallé with Injoit team - 2