RE: iOS Game - how to secure server side resurces

["Costas Ioannou" <icostas () saferelay net>]

Hello

Also, they want the game to be popular as soon as possible so there are no
security requirements to sign up or set up a user account(userid/pwd). They
just want user to download and start playing.

Maybe upon download and installation, you automatically register the user
(with a username/password or a uid or something...) and automatically
install it on his client. 
The user must save this 'code/password/whatever' if he wants to re-install
or transfer his client to another device and still have his online property
there for him.

Regards
Costas



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of naveen0403 () yahoo com
Sent: Wednesday, November 07, 2012 7:23 PM
To: security-basics () securityfocus com
Subject: iOS Game - how to secure server side resurces

Hi
I recently joined a company which is developing a game/app for iOS. Game
needs some intensive server side processing. Also, they want the game to be
popular as soon as possible so there are no security requirements to sign up
or set up a user account(userid/pwd). They just want user to download and
start playing. 
How do you secure server resources(say REST services) in this environment?
Every approach i think of, has a security flaw, because fundamentally
anything you store on client side(hardcode in code or config files,
encryption keys etc) to communicate with server side resources, it can be
retrieved.
May be I am missing something fundamental. Any help is appreciated.
Thanks
Naveen

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we
examine the importance of Apache-SSL and who needs an SSL certificate.  We
look at how SSL works, how it benefits your company and how your customers
can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server.
Throughout, best practices for set-up are highlighted to help you ensure
efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------

______________________________________________________________________
This message was processed by Inter Engineering Secure Email Managed
Service.

______________________________________________________________________
This message was processed by Inter Engineering Secure Email Managed Service.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------