Hello. I'm diving into RoR and plan to build a few websites. Alongside the websites, I'd like to use RoR to build a simple RESTful game server API that can be used to orchestrate a two-player iOS game that I'm writing. The game is a puzzle-based time challenge (the first player to solve the puzzle wins), and the players will only be communicating with the game server about every ten seconds to five minutes, and the amount of data coming to/from the server probably won't be more than a few hundred bytes. The client-server flow will go something like this...

  1. Matchmaking occurs on clients using the Game Center API to generate a list of two players (clients)
  2. Both clients check in and authenticate with the game server to start a new game, then the game server synchronizes the start of the game on both clients
  3. Both players begin solving the puzzle. When either player finishes (solves the puzzle or quits), the client sends the results to the server.
  4. When both players finish, the server stores the results in the DB and sends back the results to both clients, then the game session is ended.

Without having implemented this, it seems like this will work fairly well with RoR. Cheating is, however, a concern, and my idea for a solution is to use the RoR concept of Active Record Session to authenticate players when the game starts. That is, only allow requests by clients that were authenticated in step 2 above to be honored by the server.

  • Do you see any problems with using RoR to implement this kind of turn-based game server?
  • As mentioned above, I'm trying to prevent cheating by limiting player authentication to occur through my iOS app. What are some ways I can ensure the authentication is being requested by my iOS app?
  • Assuming I can effectively limit player authentication to my iOS app, am I missing any obvious ways players can still send the server false data and cheat?

Thanks so much in advance for all your help!

+1  A: 
  1. I don't see any problem with using Rails for that, or any other web language for that matter.
  2. I believe a proper authentication method for your requirements is OAuth.
  3. If I were you, I'd consider limiting your clients to only 1 login at a time.
Elad Meidar
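
One way to combine the question's rule (honor only clients authenticated in step 2) with the answer's one-login-at-a-time suggestion, as an added example that is not part of the original question or answer. The `GameSession` class, its method names and the in-memory store are hypothetical, and measuring elapsed time on the server instead of accepting a client-reported time is an assumption of this example.

```ruby
require "securerandom"

# Hypothetical in-memory stand-in for one two-player game session on the server.
class GameSession
  OUTCOMES = %i[solved quit].freeze

  def initialize(player_ids, clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @players = player_ids
    @clock = clock
    @tokens = {}      # player_id => the single currently valid token
    @results = {}     # player_id => { outcome:, elapsed: }
    @started_at = nil
  end

  # Step 2: check-in. Checking in again replaces the old token (one login at a time).
  def check_in(player_id)
    raise ArgumentError, "player not matched into this game" unless @players.include?(player_id)
    @tokens[player_id] = SecureRandom.hex(32)
    @started_at ||= @clock.call if @tokens.size == @players.size
    @tokens[player_id]
  end

  def started?
    !@started_at.nil?
  end

  # Step 3: one result per checked-in player; elapsed time comes from the server clock
  # (assumption of this example), never from a value the client sends.
  def submit(player_id, token, outcome)
    return :rejected_auth unless valid_token?(player_id, token)
    return :rejected_not_started unless started?
    return :rejected_duplicate if @results.key?(player_id)
    return :rejected_outcome unless OUTCOMES.include?(outcome)
    @results[player_id] = { outcome: outcome, elapsed: @clock.call - @started_at }
    :accepted
  end

  # Step 4: results are released only once both players have finished.
  def final_results
    @results.size == @players.size ? @results : nil
  end

  private

  # Constant-time comparison so response timing does not leak token bytes.
  def valid_token?(player_id, token)
    expected = @tokens[player_id]
    return false unless expected && token.is_a?(String) && expected.bytesize == token.bytesize
    expected.bytes.zip(token.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In a Rails app the token and result hashes would live in the database or session store; the checks in `submit` are the part that carries over.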