CiuchApp logic

[Ido Ran <id...@gmail.com>]

Hi,
I'm trying to understand how to build couchapp that is truly distributed. 
If I'm building web version of Monopoly game using CouchDB and CouchApp;

1. Where will the business logic of changing the turn from one player to the next will be?

2. How can I prevent malicious user from changing their local couchDB replica manually and disrupting the game?

Thank you,
Ido

Re: CiuchApp logic

[Benoit Chesneau <bc...@gmail.com>]

On Wed, Sep 19, 2012 at 7:16 PM, Gabriel Mancini
<ga...@gmail.com> wrote:
> use http://kan.so/ to create couchapp
>

how does it answer to the question ?
> On Wed, Sep 19, 2012 at 1:06 PM, Ido Ran <id...@gmail.com> wrote:
>
>> Hi,
>> I'm trying to understand how to build couchapp that is truly distributed.
>> If I'm building web version of Monopoly game using CouchDB and CouchApp;
>>
>> 1. Where will the business logic of changing the turn from one player to
>> the next will be?
>>
>> 2. How can I prevent malicious user from changing their local couchDB
>> replica manually and disrupting the game?
>>
>> Thank you,
>> Ido
>>
>>
>>
>
>
> --
> Gabriel Mancini de Campos
> Arquiteto de Soluções
>
> +55 (11) 9449-1706
> gabriel.mancini@gmail.com
> São Paulo - SP - Brasil

Re: CiuchApp logic

[Gabriel Mancini <ga...@gmail.com>]

use http://kan.so/ to create couchapp

On Wed, Sep 19, 2012 at 1:06 PM, Ido Ran <id...@gmail.com> wrote:

> Hi,
> I'm trying to understand how to build couchapp that is truly distributed.
> If I'm building web version of Monopoly game using CouchDB and CouchApp;
>
> 1. Where will the business logic of changing the turn from one player to
> the next will be?
>
> 2. How can I prevent malicious user from changing their local couchDB
> replica manually and disrupting the game?
>
> Thank you,
> Ido
>
>
>


-- 
Gabriel Mancini de Campos
Arquiteto de Soluções

+55 (11) 9449-1706
gabriel.mancini@gmail.com
São Paulo - SP - Brasil

Re: CiuchApp logic

[Ido Ran <id...@gmail.com>]

Thank you, I'll check it out



ב-19 בספט 2012, בשעה 21:24, Ryan Ramage <ry...@gmail.com> כתב/ה:

> Ido,
> 
> btw, I made a kanso package so that you can use these crypto libs work
> both in the couch side (show, lists, updates) and on a browser.
> 
> see https://github.com/ryanramage/kanso-encryption
> 
> On Wed, Sep 19, 2012 at 12:11 PM, Ryan Ramage <ry...@gmail.com> wrote:
>> Ido,
>> 
>> you could have the game take place in one document. Each move is a
>> change to the doc, so only one player is allowed to make it. The doc
>> contains a history of moves. To verify someone has not cheated you
>> could sign each move with a key. See something like
>> https://github.com/wwwtyro/cryptico.
>> 
>> Warning..using crypto in js is really not secure. I think it would be
>> enough to prevent most cheating, but you would not want to do anything
>> serious with this. Some browsers are getting close to supporting
>> crypto extensions, but its not there yet. That being said I am sure it
>> would be sufficient for a monopoly type game as long as it's not real
>> money at stake :)
>> 
>> Ryan
>> 
>> On Wed, Sep 19, 2012 at 11:57 AM, Jens Alfke <je...@couchbase.com> wrote:
>>> 
>>> On Sep 19, 2012, at 10:39 AM, Ido Ran <id...@gmail.com>> wrote:
>>> 
>>> I want to build game using CouchApp.
>>> It's not sensitive data but I don't want very easy way to cheat.
>>> 
>>> It sounds like you want both players to have their own local CouchDB, and they’ll replicate with each other?
>>> 
>>> In general, with a peer-to-peer system where you don’t trust the other peers, you have to strictly validate any updates you receive. So if there’s a document representing the game state, you have to verify that the new revision represents a valid move made from the state of the old revision. Particularly important are that player turns have to alternate, and that a revision received in replication has to represent a move by the other player. (So the document schema has to include an indication of who made the last move.)
>>> 
>>> It gets trickier if the board state is expressed by multiple documents, because then you can’t validate the entire move at once. It might not be feasible to do it that way.
>>> 
>>> —Jens

Re: CiuchApp logic

[Ryan Ramage <ry...@gmail.com>]

Ido,

btw, I made a kanso package so that you can use these crypto libs work
both in the couch side (show, lists, updates) and on a browser.

see https://github.com/ryanramage/kanso-encryption

On Wed, Sep 19, 2012 at 12:11 PM, Ryan Ramage <ry...@gmail.com> wrote:
> Ido,
>
> you could have the game take place in one document. Each move is a
> change to the doc, so only one player is allowed to make it. The doc
> contains a history of moves. To verify someone has not cheated you
> could sign each move with a key. See something like
> https://github.com/wwwtyro/cryptico.
>
> Warning..using crypto in js is really not secure. I think it would be
> enough to prevent most cheating, but you would not want to do anything
> serious with this. Some browsers are getting close to supporting
> crypto extensions, but its not there yet. That being said I am sure it
> would be sufficient for a monopoly type game as long as it's not real
> money at stake :)
>
> Ryan
>
> On Wed, Sep 19, 2012 at 11:57 AM, Jens Alfke <je...@couchbase.com> wrote:
>>
>> On Sep 19, 2012, at 10:39 AM, Ido Ran <id...@gmail.com>> wrote:
>>
>> I want to build game using CouchApp.
>> It's not sensitive data but I don't want very easy way to cheat.
>>
>> It sounds like you want both players to have their own local CouchDB, and they’ll replicate with each other?
>>
>> In general, with a peer-to-peer system where you don’t trust the other peers, you have to strictly validate any updates you receive. So if there’s a document representing the game state, you have to verify that the new revision represents a valid move made from the state of the old revision. Particularly important are that player turns have to alternate, and that a revision received in replication has to represent a move by the other player. (So the document schema has to include an indication of who made the last move.)
>>
>> It gets trickier if the board state is expressed by multiple documents, because then you can’t validate the entire move at once. It might not be feasible to do it that way.
>>
>> —Jens

Re: CiuchApp logic

[Ryan Ramage <ry...@gmail.com>]

Ido,

you could have the game take place in one document. Each move is a
change to the doc, so only one player is allowed to make it. The doc
contains a history of moves. To verify someone has not cheated you
could sign each move with a key. See something like
https://github.com/wwwtyro/cryptico.

Warning..using crypto in js is really not secure. I think it would be
enough to prevent most cheating, but you would not want to do anything
serious with this. Some browsers are getting close to supporting
crypto extensions, but its not there yet. That being said I am sure it
would be sufficient for a monopoly type game as long as it's not real
money at stake :)

Ryan

On Wed, Sep 19, 2012 at 11:57 AM, Jens Alfke <je...@couchbase.com> wrote:
>
> On Sep 19, 2012, at 10:39 AM, Ido Ran <id...@gmail.com>> wrote:
>
> I want to build game using CouchApp.
> It's not sensitive data but I don't want very easy way to cheat.
>
> It sounds like you want both players to have their own local CouchDB, and they’ll replicate with each other?
>
> In general, with a peer-to-peer system where you don’t trust the other peers, you have to strictly validate any updates you receive. So if there’s a document representing the game state, you have to verify that the new revision represents a valid move made from the state of the old revision. Particularly important are that player turns have to alternate, and that a revision received in replication has to represent a move by the other player. (So the document schema has to include an indication of who made the last move.)
>
> It gets trickier if the board state is expressed by multiple documents, because then you can’t validate the entire move at once. It might not be feasible to do it that way.
>
> —Jens

Re: CiuchApp logic

[Jens Alfke <je...@couchbase.com>]

On Sep 19, 2012, at 10:39 AM, Ido Ran <id...@gmail.com>> wrote:

I want to build game using CouchApp.
It's not sensitive data but I don't want very easy way to cheat.

It sounds like you want both players to have their own local CouchDB, and they’ll replicate with each other?

In general, with a peer-to-peer system where you don’t trust the other peers, you have to strictly validate any updates you receive. So if there’s a document representing the game state, you have to verify that the new revision represents a valid move made from the state of the old revision. Particularly important are that player turns have to alternate, and that a revision received in replication has to represent a move by the other player. (So the document schema has to include an indication of who made the last move.)

It gets trickier if the board state is expressed by multiple documents, because then you can’t validate the entire move at once. It might not be feasible to do it that way.

—Jens

Re: CiuchApp logic

[Ido Ran <id...@gmail.com>]

I want to build game using CouchApp. 
It's not sensitive data but I don't want very easy way to cheat. 

Ido



ב-19 בספט 2012, בשעה 20:30, Benoit Chesneau <bc...@gmail.com> כתב/ה:

> On Wed, Sep 19, 2012 at 6:06 PM, Ido Ran <id...@gmail.com> wrote:
>> Hi,
>> I'm trying to understand how to build couchapp that is truly distributed.
>> If I'm building web version of Monopoly game using CouchDB and CouchApp;
>> 
>> 1. Where will the business logic of changing the turn from one player to the next will be?
> 
> You can propbably uses _changes for this.
> 
>> 
>> 2. How can I prevent malicious user from changing their local couchDB replica manually and disrupting the game?
> 
> 
> You may need to play with some update validation rules and filter the
> replication. What kind of data you need to protect?
> 
> 
>> 
>> Thank you,
>> Ido
>> 
>> 

Re: CiuchApp logic

[Benoit Chesneau <bc...@gmail.com>]

On Wed, Sep 19, 2012 at 6:06 PM, Ido Ran <id...@gmail.com> wrote:
> Hi,
> I'm trying to understand how to build couchapp that is truly distributed.
> If I'm building web version of Monopoly game using CouchDB and CouchApp;
>
> 1. Where will the business logic of changing the turn from one player to the next will be?

You can propbably uses _changes for this.

>
> 2. How can I prevent malicious user from changing their local couchDB replica manually and disrupting the game?


You may need to play with some update validation rules and filter the
replication. What kind of data you need to protect?


>
> Thank you,
> Ido
>
>