4

I have an Android game and I want it to store data - say a high score for example - against each user on a server backend.

Here's a list of outrageously demanding requirements! It's unlikely any solution can meet all these demands, so I've changed/prioritised them:

  1. Minimum/very easy server and client code
  2. Free/cheap
  3. Automatically scalable and no/little server maintenance
  4. As secure as possible with minimum code
  5. Seamless - no user action required to authorise/choose anything

I know about Parse, and that seems the easiest option but I'm concerned about the future cost and would prefer more control so I'd like some alternatives.

AWS seems a lot of effort, although it handles secure anonymous authentication fairly easily and well.

App Engine would be great if there was an easy way to secure requests without requiring the user to log in or authorise App Engine.

So... I want the seamlessness of Parse, the security of AWS, and the auto-scaling of App Engine. Also the ease of use/coding of Parse. Fingers Crossed. :)

Thanks

Nick Johnson
whalabi
  • 2 is not doable in theory. 1, 4 and 6 don't mesh. 3 runs into a problem of Android device IDs (see http://stackoverflow.com/questions/2785485/is-there-a-unique-android-device-id/3102499 ). If you want to get an answer, start prioritizing. Preferably where everyone can see it. – Seva Alekseyev Sep 08 '11 at 15:05
  • Cheers for the feedback, I was starting to suspect 2 is impossible in theory - it's easy to rip a key out of an APK for example. I'll edit the question with prioritisation. – whalabi Sep 08 '11 at 15:12
  • You can use any authentication mechanism you want on App Engine - not just the built-in Users API. – Nick Johnson Sep 09 '11 at 01:06

2 Answers

2

My advice: use Parse, but create enough abstraction/encapsulation in your models so that swapping Parse out for another service won't be so painful. But seriously, I don't think Parse will get expensive (or even not-free) until your app is seeing very high demand. Furthermore, the Parse guys seem pretty committed to openness: you can export your data as a CSV and they have a REST API so any type of program you write can access the data.

If you're determined to roll your own, I'd recommend creating a Rails back-end with Heroku. Piggyback SSL is free, HTTP Basic Auth is really easy in Rails, and the entire stack will play nicely with whatever db you'd want to use (I'm assuming NoSQL since you want flexibility).

user94154
  • Thanks for the response, I'm leaning towards Parse, the ease of use is a huge pull, and as you say they seem to embrace the principle that the data is mine. And they autoscale. Abstracting it out would alleviate the lock-in anxiety. Tick! – whalabi Sep 08 '11 at 16:00
  • Thanks! You really will be glad you used Parse. The customer service is top notch. – user94154 Sep 08 '11 at 16:18
0

Any PaaS that supports SSL and a database will probably do. Estimate your traffic, data storage and processing needs and pick one that is cheap enough to get started. App Engine is going out of beta soon, and the pricing model will be changed, so if you want autoscaling you'll have to pay for it.

What exactly is 'secure anonymous authentication' and how does AWS support it?

Nikolay Elenkov
  • Thanks for the answer - How would I ensure that requests to the server are coming from my client alone? Also see here re AWS: http://aws.amazon.com/articles/4611615499399490 – whalabi Sep 08 '11 at 15:07
  • You will need to build some sort of authentication in your web app. If you use App Engine, you can have people authenticate with their Google account. If not you can use basic/digest authentication (over SSL), or something custom. BTW, that AWS authentication is for using the AWS APIs, which you most likely don't need for your app. – Nikolay Elenkov Sep 08 '11 at 15:14
  • The App Engine authentication would be a last resort - not requiring the user to authenticate explicitly would be ideal. Assuming I was using some basic web PaaS, would basic auth over SSL and storing the user/pass in the app be the easiest/best way? – whalabi Sep 08 '11 at 15:21
  • Probably. But you need to make it clear what exactly you need. Do you need to authenticate users or devices? Do they need a password/access code to log in to your server? What data are you storing? How sensitive is it? What if someone tries to hijack someone else's data? – Nikolay Elenkov Sep 08 '11 at 15:28
  • Ideally, I'd want users (email/google account) authenticated - without a password. No sensitive data, just game data attached to the user. I want to secure (as much as possible) against people altering their own data directly - i.e. not through the client, and altering other people's data. Importantly, since the user is logged into their own device and I can retrieve the current user, I can be fairly sure they are who they say they are - from within the app. – whalabi Sep 08 '11 at 15:33
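
A sketch of the "basic auth over SSL" idea from the comments above, with a random credential issued per install at first launch instead of one password shipped in the APK. It is an added example, not code from any poster: `ScoreStore`, its methods and the `max_plausible` bound are hypothetical, and the user id/token pair is assumed to travel as HTTP Basic credentials over SSL.

```python
import hashlib
import hmac
import secrets


class ScoreStore:
    """In-memory stand-in for the backend datastore (hypothetical)."""

    def __init__(self):
        self._token_hashes = {}  # user_id -> SHA-256 of the issued token
        self._high_scores = {}   # user_id -> best score accepted so far

    def register(self):
        """First launch: mint a random identity and secret for this install."""
        user_id = secrets.token_hex(8)
        token = secrets.token_urlsafe(32)
        # Keep only a hash, so a leaked datastore does not leak usable tokens.
        self._token_hashes[user_id] = hashlib.sha256(token.encode()).digest()
        return user_id, token

    def _authenticated(self, user_id, token):
        expected = self._token_hashes.get(user_id)
        if expected is None:
            return False
        supplied = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, supplied)

    def submit_score(self, user_id, token, score, max_plausible=1_000_000):
        """Accept a score only for the record that the token belongs to."""
        if not self._authenticated(user_id, token):
            return "unauthorized"
        # The token proves which install is calling, not that the game was
        # really played, so the server still bounds what it will store.
        valid = isinstance(score, int) and not isinstance(score, bool)
        if not valid or not 0 <= score <= max_plausible:
            return "rejected"
        best = self._high_scores.get(user_id, 0)
        self._high_scores[user_id] = max(best, score)
        return "ok"

    def high_score(self, user_id):
        return self._high_scores.get(user_id)
```

A token extracted from one device only exposes that install's record; it does not stop that user from submitting any score inside the plausible range.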