There is no prevention against SPAM ! We have also to ensure that user do not cheat by sending false data with fake time laps ...


2013/10/30 <>
> Hi Simon,
> OK.
> Another question for you and Madbad, with system ID or another system
> without registred users ... often a player take a pseudo for game,
> how to know if a player doesn't take a nickname already in use by
> another player

Because whatever 'name' they choose to enter (if they want) is not the
UUID which represents them in the database, instead we use a psuedo-random
token which the server generates/gives to them for tracking purposes.

I can't find the python scripts (I'm at work at present), but here's how
they work:

Take a number (server side incremented, to represent player 1, 2, etc...)
and encrypt it with a secret key, give this to the end user to submit
their laptimes with.

Since the tokens are generated by symetrical encryption (rather than
random or hash) they are guarenteed to be unique.

If the user looses it, then no-worry just give them the next/new ID.

Let the user register a nick-name against the token to make display more

Encode procedure (generates the first 40 tokens)
$ for i in $(seq 1 1 40); do echo -n `python  $i |
openssl enc -aes128 -nosalt -pass pass:test -nopad | python

Decode proceedure (decripts a token to a user number)
$ python 0x3DCBCE60649BA8CCA716DC93F9A395D3 | openssl
enc -d -aes128 -nosalt –pass pass:test -nopad | python

Since the token is 128bits long, it is very unlikely that anyone would be
able to guess it to submit results as you (or change you user's name/etc).

Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
Speed-dreams-devel mailing list