Apache with Comet Support - apache2

I'd like to build a multiplayer web game application in which it supports chat. I presume the application will have to handle hundreds of simultaneous connections.
I'm planning to host my application in a shared web hosting, which has these limitations (most likely similar to PHP + Comet (long-polling) scaling / hosts):
It does not seem I can change the web server. Most likely it's using Apache.
Supports MySQL 5, PHP 5.3.x, Perl, Python, Ruby on Rails, CGI
(To be more precise, I'll be using HawkHost's shared web hosting.)
And here are my result of research, followed by my questions:
Some resources (like Python Comet Server) say that PHP is not good for handling concurrent connections, while Python is better choice. Is this true?
I've tried the long polling technique in PHP (although I don't know whether it's correctly implemented or not, like Comet issue with abandoned open connections) using "Loop endlessly until the data changes." method. This almost works. The remaining problem is that the server process never dies when the browser is closed (the server does not know that the connection has been terminated, and the data never changes). Is there any way the PHP can detect whether the browser has been terminated so that it stops the loop?
I've been looking everywhere to look for answers but still I can't conclude anything. This topic has also been asked on StackOverflow so many times, I'm sorry if I may sound repeating >.<.
Currently I am able to code using PHP, MySQL, and JQuery for JS. I'm still new to the term Comet and Server Push. If necessary, I'm also willing to learn new scripting language like Python.
I appreciate any insights of what scripting language, framework, and techniques to use to start my project.

When you have a shared hosting environment and there are a number of restrictions enforced then it's a good idea to outsource the realtime functionality. I would say this since I work for one such company, Pusher. But I hope others will back me up on this.
When using a hosted solution you can push a notification by making a HTTP request to a RESTful API. The service will then deliver the message to the connected Web Client (browser). The browser does need to include a script tag or use a library that also connects to the hosted service.
The main benefits are:
No installation or maintenance
No need to handle persistent connections - no resource usage
Really simple usage: Script tag in app and call REST API
The hosted solution handles scaling
Also, here's a list of hosted realtime solutions.

So you can use Python. Then you can use Tornado. (psst... facebook uses it)
And I had same problem with open connections. Just don't spend time for search solution in PHP - later you will be sorry. I was. Just use what is made for Comet. If you more prefere JAVA, then there is: CometD.
And for game get a normal hosting. They cheap this days.

Related

How to raise security for my Unity project?

In a nutshell, my project consists of:
A secure RESTful API web service (hosted on Heroku), handling requests/responses for a database. It accepts & returns JSON data
A Unity desktop application, which doubles as a Twitch API chat bot, and communicates with the webservice to update the state of the game, as well as the state of the database.
IMPORTANT: This game is meant to be run by Twitch streamers, and played by users in Twitch chat
So my question is... Even though my web service is secure, what can I do to ensure that someone won't simply reverse engineer my Unity application to figure out how to properly communicate with my web server?
Encrypted HTTP traffic stops packet sniffing, but is a moot service if you can still use the same methods the application uses to interact with the data. Perhaps I'm being too paranoid, but there are plenty of tools out there that specifically target Unity & C# projects, so it really wouldn't take much effort.
One idea I had was to use the Twitch API to check if the user is actively streaming the game, and only allow them to start the game if the web service can't find a duplicate IP address in the database with an "isStreaming" flag set. This works in theory... but in practice, anyone can set up a fake Twitch account and a fake or "blank" stream on their machine, and then run some reverse-engineered code from the game.
Is there anything else I could do to minimize a hacker's ability to interact with my database?
The Simple Answer
Unity-compatible Code Obfuscation
Thanks to Unity's plugin system, there are actually some decent options for this. Some are paid options that exist in the Asset Store, as well as some 3rd party paid/free options that are simply unrelated to Unity (but could still work). Some of the free options, such as ConfuserEx, are also open source, allowing you to make custom code changes to how your work can be obfuscated.
The More Complex Answer
I made a simple C# Class Library and filled it with some pointless functionality (for testing)
I compiled a release build of the library
I obfuscated it through ConfuserEx using Aggressive settings (Maximum settings had Unity spitting out Invalid IL code errors)
I added an Assets/Plugins folder to my Unity project, and placed the compiled library there
I created a new C# script to test the library from within Unity
... And although the decompiled code was unintelligible, it still worked as expected within Unity. I used an IL/C# decompiler tool (such as JustDecompile) to compare the differences between the obfuscated binary and the original binary.
So if I really wanted to, I could follow these very same steps for all of my important bits of code (or even for the majority of my client project), as well as implementing any aforementioned security measures... And so hopefully, it's now going to be too much of a chore for anyone to understand the inner-workings of my project.

how do simple mobile game servers are built?

I'm really new to programming, and I wonder how simple mobile game servers (like flappy bird) are built to store the scores that user made.
If you are new to programming maybe instead of programming your own backend engine is better to use some APIs developed by third party developers. Some examples are on Parse, App42 or Gamedonia. This APIs allows to save data easily and to not have to build your own servers.
The three things you need to know how to do:
Write a program that talks to another program over the internet
Write a program that talks to a database on the local machine
Start a virtual server instance on a service such as AWS and run stuff on it
For a beginner, NodeJS and MongoDB are particularly easy to do this with.
Later it might be a better idea to use an already-made API like Unai mentions, but trying this out yourself first will give you a better understanding of how this all works.
You can also use Facebook scores API for that (how to integrate in unity3d).

Query SQL Server Database from native iOS Application

I am working on an in-house, iOS app that will need read-only access to a SQL Server with multiple databases. I know the stock answer here is "write some web services", but I'd like a solution that is self-contained. Is there any way to directly connect to a SQL Server database from an iOS application? I'm thinking something like a basic ODBC connection.
I've seen a lot of users asking this question, but very few answers other than "write a web service." Is that really the only way?
A web service is indeed the only way, but Red Gate's written one you can reuse:
http://www.mobilefoo.com/iSqlServerSDK.html
http://labs.red-gate.com/Tools/Details/iSqlSDK
It's not officially released yet, just in beta, so keep in mind that features & prices may change.
Actually the easiest way is to create a MVC 3 or 4 asp.net web application. call the web methods. You don't need any API to pay for.
I use SBJson to serialize domain object and then send the objects as serialized jSOn to MVC 3. It's super easy to do. I even send images with base64, so it's .net compatible.
See my blog post with sample code:
http://nickturner.wordpress.com/2012/10/09/107/
So, after much searching and trial and error, unfortunately the best (only?) way I've found is indeed using Web Services.
Fortunately, Linq to SQL makes the WCF-creation-side incredibly easy. Once I got someone at work to walk me through setting up a Windows web server and adding the web service (and buying access to an online web server), the Windows side was up and ready to go.
I'm still working through all of the syntax stuff on the SOAP interaction side, but keeping my different methods somewhat similar in structure allows me to tinker a little until it works. By this time, I think I've gotten it to work pretty well.
So, both answers I got back were (disappointingly) correct. The only way to interact is through a Web Service. Even the 3rd party solutions they mentioned were really just convenient wrappers around the same type of technology. As it turns out, I'd rather have finer control over the process.
One word of advice: Get a real, external web server. I tried doing this on a non-Server Windows VM on my iMac/MacBook Pro, and it was like pulling teeth! Once I actually got access to an external, full, stand-alone web server, the process was much more streamlined and easy. Do yourself a favor and take that headache out of the equation!
There was a SQL ISAPI extension as part of SQLXML, but I think it has been deprecated: http://msdn.microsoft.com/en-us/library/aa226559%28v=SQL.80%29.aspx
This was effectively a pre-built, and relatively open, web service - so I'm not sure this counts as a direct connection.
You could also check out http://odbcrouter.com/Main

nodejs and database communication - how?

I've heard much good about nodejs and writting client-server application with it. But I can't get, for example, when developing IM client-server application, how nodejs server script is supposed to talk to database server to actually store it's data? Or may be I miss something and nodejs server scripts are not supposed to do that? If so, please, push me to correct direction.
I've noticed DBSLayer http://code.nytimes.com/projects/dbslayer/wiki, but it looks like it's still in beta.
You need to grab a module that handles the communication to the database you want. See here for a list of modules for node.js. Popular databases that work well with node.js are MongoDB, CouchDB and Redis.
As stagas says, you can use a module that handles communication if you want to use an external database.
If you want an internal (=embedded) database, you can use one written in javascript you can require like any other module such as NeDB or nStore. They are easier to use and useful if your webapp doesn't need to handle a lot of concurrent connections (e.g. a tool you make for yourself or a small team), or if you write a desktop app using Node Webkit

How to wrap a C library so that it can be called from a web service

We have a library with very complex logic implemented in C. It has a command line interface with not too complex string-based arguments. In order to access this, we would like to wrap the library so that it can be accessed with simple XML RPC or even straightforward HTTP POST calls.
Having some experience with Java, my first idea would be
Wrap the library in JNI/JNA
Use a thin WS stack and a servlet engine
Proxy requests through Apache to the servlet engine
I believe there should already be something simple that could be used, so I am posting this question here. A solution has the following requirements
It should be deployable to a current linux distribution, preferrably already available via package management
It should integrate with a standard web server (as in my example Apache)
Small changes to the library's interface should be manageable
End-to-end (HTTP-WS-library-WS-HTTP) the solution should not incur too much overhead, but reliability is very important
Alternatively to the JNI/JNA proposal, I think in the C# world it should not be too difficult to write a web service and call this unmanaged code module, but I hope someone can give me some pointers that are feasible in regards to the requirements.
If you're going with web services, perhaps Soaplab would be useful. It's basically a tool to wrap existing command line applications in SOAP web services. The web services it generates look a bit weird but it is quite a popular way to make something like this work.
Creating an apache module is quite easy and since your familiar with xmlrpc you should check out mod-xmlrpc2. You can easily add your C code to this apache module and have a running xmlrpc server in minutes
I think you may also publish it as a SOAP based web service. gSoap can be used to provide the service interface out of the library. Have you explored gSOAP? See http://www.cs.fsu.edu/~engelen/soap.html
Regards,
Kangkan
Depends what technology you're comfortable with, what you already have installed and working on your servers, and what your load requirements are.
How about raw CGI? Assuming the C code is stateless between requests, you can do this without modifying the library at all. Write a simple script which pulls the request parameters out of the CGI environment, perhaps sanitises the input, calls the library via the command-line interface, and packages the result into whatever HTTP response you want. Then configure Apache to dispatch the relevant URL(s) to this script. Python, for example, has library support for XML-RPC, and so does every other scripting language used on the web.
Servlets sound like overkill, but for instance if you want multiple requests per CGI process instantiation, and don't feel like getting involved in Apache configuration, then it might be easiest to stick with what you know.
I'm doing a similar thing with C++ at the moment. In my case, I'm writing a PHP module to allow PHP scripts to access the logic in my C++ library.
I can then use whatever format I want to allow the rest of the world to see it - initially it will just be through a PHP web application but I'll also be developing an XML-RPC interface.
If you're going down the JNI route, check out SWIG.
http://www.swig.org/Doc1.3/Java.html
Assuming you have headers to project bindings with, swig is pretty easy to work with.

Resources