Feb 20

I was reading Stack Overflow and found a great idea for building a client-server high scores system for iPhone games. Since this is something we will need to develop soon, I’m posting it here so I don’t forget, and I’ll update this post when we come up with our own solution. Actually, I had a similar idea, but benzado has formulated it nicely, so here it is:

One idea that might be Good Enough:

  • Let Secret1, Secret2, Secret3 be any random strings.
  • Let DeviceID be the iPhone’s unique device ID.
  • Let Hash(Foo + Bar) mean I concatenate Foo and Bar and then compute a hash.

Then:

  1. The first time the app talks to the server, it makes a request for a DevicePassword. iPhone sends: DeviceID, Hash(DeviceID + Secret1)
  2. The server uses Secret1 to verify the request came from the app. If so, it generates a DevicePassword and saves the association between DeviceID and DevicePassword on the server.
  3. The server replies: DevicePassword, Hash(DevicePassword + Secret2)
  4. The app uses Secret2 to verify that the password came from the server. If so, it saves it.
  5. To submit a score, iPhone sends: DeviceID, Score, Hash(Score + DevicePassword + Secret3)
  6. The server verifies using Secret3 and the DevicePassword.

The advantage of the DevicePassword is that each device effectively has a unique secret, and if I didn’t know that it would make it harder to determine the secret by packet sniffing the submitted scores.

Also, in normal cases the app should only request a DevicePassword once per install, so you could easily identify suspicious requests for a DevicePassword or simply limit it to once per day.

Disclaimer: This solution is off the top of my head, so I can’t guarantee there isn’t a major flaw in this scheme.

Written by benzado

Currently, I’m trying to figure out the best way to build an online high scores system for our clients without having to reinvent the wheel. It seems, however, that there is no great solution yet. I was looking into OpenID, but the evidence is that at the moment it doesn’t allow easy automated identification using the iPhone’s deviceId feature:

http://factoryjoe.com/blog/2008/01/13/the-openid-mobile-experience/

http://openid.net/pipermail/specs/2009-January/002688.html

So we will likely come up with our own solution, something like what benzado described above.


Oct 6

WordPress can be heavy on your web server, as it works a lot with the MySQL database and has tons of scripts and plugins running alongside.
This is a simple script: add it to the footer.php of your WordPress theme and you will get a line at the bottom with your SQL query count and page generation time.

<?php echo get_num_queries(); ?> SQL queries done. Page generation took <?php echo timer_stop(); ?> seconds.

You may start thinking about next steps if these values are not acceptable. To start with, you could:

1) get rid of unused and unnecessary plugins
2) install WP Cache or WP Super Cache plugins
3) add automated MySQL tables optimize script to your cron jobs
4) check your server configuration (php.ini, mysqld.conf) to find if the memory allocation and other settings are optimal
5) upgrade your server

Number 3 is very often overlooked, yet it is important. MySQL doesn’t optimize itself, unlike Oracle. After a while, your DB, depending on its size and usage characteristics, gets fragmented, making the mysqld process eat all your server resources. As a result, your WordPress-powered website starts working really slowly. At Injoit.com we resolve this by installing an additional MySQL optimize script on our customers’ websites. Added to cron, this script is launched daily or weekly and does the job perfectly.