Good idea to use web site database for game server? - mysql

Here is what I'm doing. I will have an online game that is a real exe application that clients run. Clients connect to my game server. They will have stats, achievements, and be able to buy various things for which I will use PayPal IPN service.
When a player wants to log on, I must be able to retrieve their profile and information from somewhere. When a player wins a game, the game server must be able to add a point to their profile.
Users will need to be able to access their stats from the Web Site, or from the game itself.
Would it be a good idea to use the MySQL database that comes with the Web Site for everything? In that, the game server would get and set properties through php or something?
Otherwise what might be a better solution? Is there a way for my web site to use a database that is on the game server machine, if so would that be a good idea?
How is this sort of problem usually solved?
Thanks

Where you put the database doesn't really matter. If you already have one and it can handle the load, use it. But for security and general organization, you should create a separate database and user within MySQL for your game score information. The user should only be able to access the game data database. This way your other data in the database is protected from your web interface to the game data in case of a PHP or SQL vulnerability.
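The separation this answer describes, as an added example that is not part of the original answer: MySQL statements that put the game data in its own schema and give the PHP layer used by the game server an account limited to that schema. The names `game_data`, `player_stats` and `game_api`, and the placeholder password, are assumptions.

```sql
-- Added example; schema, table and account names are assumptions.
-- Run as an administrative account.
CREATE DATABASE IF NOT EXISTS game_data;

CREATE TABLE IF NOT EXISTS game_data.player_stats (
    player_id  INT UNSIGNED NOT NULL PRIMARY KEY,
    wins       INT UNSIGNED NOT NULL DEFAULT 0,
    updated_at TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP
                            ON UPDATE CURRENT_TIMESTAMP
);

-- Account used only by the PHP endpoint that the game server calls.
-- Bound to localhost, so the credentials are useless from another host.
CREATE USER IF NOT EXISTS 'game_api'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD';

-- Row-level work on the game schema only: no DROP, ALTER, FILE or
-- GRANT OPTION, and no privilege at all on the web site's own schema.
GRANT SELECT, INSERT, UPDATE ON game_data.* TO 'game_api'@'localhost';

-- Check 1: expect USAGE on *.* plus the single GRANT above.
SHOW GRANTS FOR 'game_api'@'localhost';

-- Check 2: every schema the account can touch; only game_data should appear.
SELECT table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE grantee = '''game_api''@''localhost'''
ORDER BY table_schema, privilege_type;
```

If an injection flaw is found in the game-facing PHP code, queries issued through this account against any other schema fail with an access-denied error.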

MySQL is definitely the way to go. I have a current setup in a folder outside of public html called users, when a user registers a subfolder inside users is created along with a mysql entry. I use MySQL for username/pass/DOB/etc. and the user's folder for storing pics, achievements in XML, and comments.
As for the client, I'm sure you could initialize an invisible web browser to access the page, and then use simple coding to get data from the web browser.

MySQL is a popular choice for persistence. Load up the profile at login and cache the data on the client. Then write the updates back at the end of the session. This is one of the things MySQL/PHP was made for. It is cheap, easy and performs and scales well.

Related

Connecting re-frame app to a Database

I'm having a problem with my re-frame application. I can't figure out how to connect it to a local database on my machine.
In other applications I've written, I've had to add the database specifications (username, password etc) into profiles.clj. Should I create profiles.clj and add the location of my database there? And does this mean I have to update the project.clj as well?
Finally, do the queries to the database, such as GET and POST requests, go in db.cljs?
I apologise if these questions are trivial but after reading the documentation several times I am still a little confused.
re-frame is a framework for building client-side web applications. You won't be able to do generic database queries as most databases don't support direct access from a browser.
> I'm having a problem with my re-frame application. I can't figure out how to connect it to a local database on my machine.
You probably need to create a middle API tier that accepts REST requests from re-frame, and queries the database, returning JSON back to the client.
> Finally, do the queries to the database, such as GET and POST requests, go in db.cljs
Those are probably queries to your API tier? They can live anywhere that you would like.
One thing to clarify: re-frame has an app-db that it uses and refers to. This is a client-side database of local state that lives in your application. It doesn't have a connection to the backend, at least not without you writing more code for it. It sounds like you might be confusing these?

Tracking data access

Backstory
I work for a company that has an online site that allows users to text personal information for collection. We collect the data, and make it available online. Users can choose to share the data with other users.
Going Forward
At some point, this may become classified as an FDA-governed medical tool. In anticipation, we'd like to have in place a logging system that shows each time someone accesses our users' data, whether it be the user themselves, another authorized user, or a support person.
Current Architecture
We are currently running Ruby/Rails, and using a MySQL database. The personal information is encrypted in the database.
Data Access for Support
Today, support personnel can access data one of three ways:
admin site - The admin site is limited to whatever screens we develop. While we don't currently, we could easily add logging to keep an audit trail of who accessed which data using the admin tool.
sql client - I use MySQLWorkbench to access production. However, when connected this way, all personal information (user name, cell number, etc), is encrypted.
Ruby Rails console - Finally, support can log into one of the production boxes and use the Ruby/Rails console from command line. Ruby will decrypt the data, so we can do some simple things such as
u=User.find_all_by_state('active')
and it will return the recordset of all users with state='active', and decrypt their personal information in the resultset.
Holy Grail
logging
easy access for support
I'd love to have a way to allow easy support access (once authenticated) to the data, but would log everything that is accessed (read or updated). That way, if I'm checking out my buddy's ex-wife's data for example, it gets logged to a place where I can't get in and clean the audit trail. (See Google firing Gmail employee for an example of employees breaching the data policies).
Anyone have ideas, thoughts, experiences, suggestions with this issue?
Hey devguy. This was an issue for me a couple months back. We ended up centralizing our mysql queries so that we could start to track all information coming in and out. Unfortunately the class I wrote is in PHP but the idea behind it could make it very easy to start logging.
https://code.google.com/p/php-centralized-mysql-controller/
Try stored procedures. Make all code use the stored procedures for CRUD activities. This defines an API that your developers can use while business rules are globally enforced (don't return entire SSN values, but only last 4 digits, etc).
This serves as the basis for an external API as well.
If you want logging/auditing, you put it in the procedure.
This protects you from everyone except the DBAs.
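The stored-procedure approach from this answer, as an added example that is not part of the original thread: a MySQL procedure that writes an audit row before returning a masked record, with the support account allowed to execute it and nothing else. The `app` and `audit` schemas, the `ssn` column, the procedure name and the `support` account are assumptions, and the sketch assumes the column is readable inside the database.

```sql
-- Added example; schema, table, column, procedure and account names are
-- assumptions. Run as an administrative account that can read app.users.
CREATE DATABASE IF NOT EXISTS audit;

CREATE TABLE IF NOT EXISTS audit.access_log (
    id          BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    accessed_at DATETIME        NOT NULL,
    accessed_by VARCHAR(288)    NOT NULL,  -- session account as user@host
    action      VARCHAR(16)     NOT NULL,
    target_user INT UNSIGNED    NOT NULL
);

-- DELIMITER is a mysql client command, not a server statement.
DELIMITER //
CREATE PROCEDURE app.support_get_user(IN p_user_id INT UNSIGNED)
    SQL SECURITY DEFINER
BEGIN
    -- USER() is the account that opened the session. CURRENT_USER()
    -- would return the definer inside a DEFINER procedure.
    INSERT INTO audit.access_log (accessed_at, accessed_by, action, target_user)
    VALUES (NOW(), USER(), 'READ', p_user_id);

    -- Business rule enforced in one place: last 4 digits only.
    SELECT id, state, RIGHT(ssn, 4) AS ssn_last4
    FROM app.users
    WHERE id = p_user_id;
END //
DELIMITER ;

CREATE USER IF NOT EXISTS 'support'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD';

-- EXECUTE only: no SELECT on app.users and no privilege on audit.*,
-- so the account cannot read rows directly or edit its own trail.
GRANT EXECUTE ON PROCEDURE app.support_get_user TO 'support'@'localhost';

-- Check: expect USAGE on *.* plus the single EXECUTE grant.
SHOW GRANTS FOR 'support'@'localhost';
```

Accounts holding privileges on `audit.access_log` can still alter it, which is the DBA exception the answer points out.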

Is there any way to identify a unique user in Flash/Actionscript 3?

I'm trying to make a vote/poll application in Flash using Actionscript 3. Is there any way to generate a specific ID that is unique to each user?
The only other option I can think of is using the IP address, which is less than ideal in many cases (college campuses, shared Internet access, etc.).
It needs to be the same number every time it is run on the same PC, but different for each user.
You have two options:
1) A Remote Shared Object, which is a fancy way to say a Flash Cookie, which will remember the browser every time.
Alternately, you can set up some sort of back-end login system (since you want unique to every user, even on the same computer, this sounds like what you'll have to do). This is more than just flash - you'll need to integrate with a server-side scripting language like PHP (integration is easy with AMFPHP or ZendAMF, I believe you can find some tutorials on http://www.gotoandlearn.com) and handle your user stuff there.
You're going to have to wire this up to some sort of login - there has to be a way for users to identify themselves, or the whole thing is pointless.
If I were you I'd put a login screen first, tie to a PHP back-end and use cookies to remember that you have someone logged in - but give them the option to log out. Then you simply associate the logged-in user with some sort of unique key - like the user index in a MySQL database - and you're all set.
Depending on how comfortable you are with technologies beyond flash that may either sound simple or complicated, but it really shouldn't take you too long. If you don't know anything about PHP or MySQL you can google "PHP User Login" and that should get you started. Let me know if you have any specific questions!

AIR application design

I would like to make some AIR application which would be used for tracking jobs inside a company.
The idea is to create some database which will handle all the data and, when other users from other computers modify data, it is always saved on that same 'server'.
So, more than one user can edit same database, and it would be great if all the data is constantly 'refreshed' (if one user edits and saves data, on other users' computer data is instantly updated). Application would be used only in local network.
I have some data in Excel, so I also wonder if AIR can handle it somehow? Or is it better to re-structure the whole db?
So, which kind of db should I use? I've read that AIR likes SQLite very much, which would be good because I work with MySQL...
Is AIR (in combination with SQLite) able to handle ALL my needs (working over network, sharing same db, refreshing data, creating server/client applications or something, etc.)?
Thank you very much for any thoughts!
m.
There are no restrictions on what database you can use. My advice would be to create an interface in PHP or ASP or whatever language you prefer (since the Database is on a server elsewhere, you'll need some sort of network connectivity anyway), and send all requests and modifications through that.

Linux web front-end best practices

I want to build a web based front-end to manage/administer my Linux box. E.g. I want to be able to add users, manage the file system and all those sorts of things. Think of it as a cPanel clone but more for system admin rather than web admin.
I was thinking about creating a service that runs on my box and that performs all the system levels tasks. This way I can have a clear separation between my web based front-end and the actual logic. The server pages can then make calls to my specialized server or queue tasks that way. However, I'm not sure if this would be the best way to go about this.
I guess another important question would be, how I would deal with security when building something like this?
PS: This is just a pet project and learning experience so I'm not interested in existing solutions that do a similar thing.
Have the specialized service daemon running as a distinct user -- let's call it 'managerd'. Set up your /etc/sudoers file so that 'managerd' can execute the various commands you want it to be able to run, as root, without a password.
Have the web server drop "trigger" files containing the commands to run in a directory that is mode '770' with a group that only the web server user and 'managerd' are members of. Make sure that 'managerd' verifies that the files have the correct ownership before executing the command.
Make sure that the web interface side is locked down -- run it over HTTPS only, require authentication, and if at all possible, put in IP-specific ACLs, so that you can only access it from known locations, in advance.
Your solution seems like a very sensible solution to the 'root' issue.
Couple of suggestions:
Binding the 'specialised service' to localhost as well would help to guarantee that requests can't be made externally.
Checking request call functions that perform the actions and not directly give the service full unrestricted access. So calling a function "addToGroup(user,group)" instead of a generic "performAction(command)".