There is no prevention against SPAM ! We have also to ensure that user do not cheat by sending false data with fake time laps ...

Gaëtan


2013/10/30 <simon@mungewell.org>
> Hi Simon,
>
> OK.
>
> Another question for you and Madbad, with system ID or another system
> without registred users ... often a player take a pseudo for game,
> how to know if a player doesn't take a nickname already in use by
> another player

Because whatever 'name' they choose to enter (if they want) is not the
UUID which represents them in the database, instead we use a psuedo-random
token which the server generates/gives to them for tracking purposes.


I can't find the python scripts (I'm at work at present), but here's how
they work:

Take a number (server side incremented, to represent player 1, 2, etc...)
and encrypt it with a secret key, give this to the end user to submit
their laptimes with.

Since the tokens are generated by symetrical encryption (rather than
random or hash) they are guarenteed to be unique.

If the user looses it, then no-worry just give them the next/new ID.

Let the user register a nick-name against the token to make display more
friendly.

Encode procedure (generates the first 40 tokens)
--
$ for i in $(seq 1 1 40); do echo -n `python num_to_128bits.py  $i |
openssl enc -aes128 -nosalt -pass pass:test -nopad | python
128bits_to_num.py
0x3DCBCE60649BA8CCA716DC93F9A395D3
...
--

Decode proceedure (decripts a token to a user number)
--
$ python num_to_128bits.py 0x3DCBCE60649BA8CCA716DC93F9A395D3 | openssl
enc -d -aes128 -nosalt –pass pass:test -nopad | python 128bits_to_num.py
0x00000000000000000000000000000001
--

Since the token is 128bits long, it is very unlikely that anyone would be
able to guess it to submit results as you (or change you user's name/etc).
Simon


------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Speed-dreams-devel mailing list
Speed-dreams-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/speed-dreams-devel