tags:

views:

107

answers:

1
Q: 

Saving highscores coupled to a facebook account

I want to offer a "highscore" list for friends in my app (at this point iPhone/iPad), so that if the user connected to facebook, he will get a list with his/her friends scores.

Connecting is easy, retrieving friends is easy, but figuring out the best way to store the scores is not.

As it seems I need to the store the scores on my own server server, no big deal. But what is considered a reasonable safe way to transfer the data? When communicating with facebook, authentication is clear - but communicating with my server basically anyone could post scores for another user if I send user id and score. Obfuscation might help a bit, but is there any better way to make sure that the data comes from the fb-logged-in person?

Scores can also go down, so changing scores for other persons won't necessary help them.

Thanks :)

A: 

You can try sending the Facebook session information to your server, and then seeing if you can perform a simple Facebook API read operation using that session. If successful, then that's the actual user. If not, then it isn't.

Yuliy  2010-06-05 15:57:40
I don't think sending user credentials or session info to a third party server and then initiating fake calls is acceptable for users, and it might get blocked easily. Thinking about sending tokens around to sign the data and storing device ids as well, so attacks could be spotted more easily. Manipulation of one's own score is harmless (and fairly easy anyway), I just want to shut the door towards attacks on other people scores (which seems unluckly anway, but don't want to make it plain easy).
Eiko  2010-06-05 21:28:48
I can't think of any nicer methods of proving that the phone has a session with Facebook (short of something more invasive, like having the app phone home a confirmation key/nonce to a service via facebook or something crazy like that)
Yuliy  2010-06-06 04:47:41
It indeed seems to be ok to send session data around. Just can't get it to work :-|
Eiko  2010-06-11 08:32:45

related questions

How do we get arround Apple's decission to skip sms templates for iPhone?
iPhone App Crashing - Error Question
Can I write native iPhone apps using Python
Does the Iphone 1/2 have a compass inside?
How do you beta test an iphone app?
Is it just the iPhone simulator that is restricted to intel only Mac's?
iPhone App Minus App Store?
Deleting messages from Exchange IMAP mailbox on iPhone
Is there a multiplatform framework for developing iPhone / Android applications?
How can I launch the Google Maps iPhone application from within my own native application?
Tips for a successful AppStore submission?
iPhone app that access the Core Location framework over web
Virtual Mac?
What's a good machine for iPhone development?
How can I develop for iPhone using a Windows development machine?
Recommended iPhone Development Resources
Best Wiki for Mobile Users
How to programmatically send SMS on the iPhone?
iPhone - Exchange Calendars in Public Folders
iPhone web applications, templates, frameworks?
Understanding reference counting with Cocoa / Objective C
How-to articles for iPhone development, Objective-C
What are the correct pixel dimensions for an apple-touch-icon?
How do I give my web sites an icon for iPhone?
iPhone app in landscape mode