This is more a question or a task of designing a system than a question with encoding.
Basically, I'm going to build a Bejeweled- famous game on Facebook using only HTML, CSS and javascript. This is mainly because of the desire to learn all the small FBJS reservations through a non-trivial project.
So here's the deal. When developing for Facebook, actual API calls are very expensive; Not only is there an additional POST for Facebook servers, there is also a call limit and throttling api to worry about. In a nutshell, the fewer Facebook calls, the better. Combine this with the time considerations of even this simple puzzle game, and there is a good reason to aggressively minimize the number of callbacks in general.
Not being a security expert, here is a project I came up with:
- Insert random seed into game page.
- Use this seed to create a playing field (as well as additional fragments as needed).
- Pick up the seed (xor, concatenate and hash, something like that) after each player move, based on the time since the last move. Edit: I should probably also include the actual step taken by mutating the seed.
- Upon completion of the game, publish the following: the start time of the game, each step taken and when and the result is on the client side.
- On the server, re-launch the data game, checking the start time and time of the move, and then confirm the results match.
- To mitigate the denial of service, the game itself will be modified to receive a win under condition X.
- To prevent the server from being used as an “oracle”, a user sending back an invalid game will be banned for some constant time X (X is of the order of minutes).
Facebook : , , , .
, , - (http://...?myscore=999999999 ). " ", , . ( ).
, - ? , , ?
. , , . .
</" > , , , , .
, 10x10, ~ 200 ( ), . , 5 "". 50 30 000 , 149 750 , "" ; , 10 000 , , , . min-max, . , , 30 , , -, , .