@Blasty,
I hadn't considered that you are using Google, that's going to take away many potential issues.
I haven't even tried to get my head around OAuth, and I'm glad I haven't needed to.
Flood prevention can have many layers, for example I reject lots of requests when I can't get a user agent string. I also have a white list for bots, and when I get an approved bot on my site I feed it data from my DB rather than request stats from Jagex. This acts as a preventative measure against getting IP banned, and it's faster for the bot.
Recoveries are tricky for me, I basically use the process of elimination. It's not always successful but most of the time I've been able to recover the tracking data for the user.
Since I save a timestamp for when tracking starts and also save a timestamp when the logged user leaves the tracking page I have a ballpark area to start with. With info from the user, how many players were they tracking, who were they tracking and an estimate on tracking duration, I can do a simple query.
recovery = time where accountTrackingStarted is between timeWhenAccountLost where tracked player count = X and tracked names = playerA, playerB, playerC
There is also other data I can put into the query, like total level when tracking started, total level when stopped, number of unranked stats, number of 99's, highest skill, lowest skill, and so on.
SQL queries are pretty cool, and with enough parameters I can often return a single result.
There are methods built into sql for injection protection.
real_escape_string (now deprecated) was pretty good, but if not used 100% correctly vulnerabilities can easily be left open. However these holes are generally from a lack of understanding and/or because of bad practices.
cont...
24-Jan-2014 09:34:36 - Last edited on 24-Jan-2014 09:54:14 by Indecent Act
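Added example (not Indecent Act's code, and not the site's real schema): a small Python/sqlite3 model of the process-of-elimination recovery query described in the post, plus a side-by-side of the string-concatenation pattern that escaping functions like real_escape_string try to patch and the parameterised query that removes the problem. The table names, columns, session data and player names are all constructed for the illustration; the two things worth noting are that the variable-length name list is handled with generated `?` placeholders rather than by pasting names into the SQL, and that each extra parameter the user can supply (here a total-level estimate with a tolerance) narrows the candidate set toward a single session.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed sample data: hypothetical schema and values, not the tracker's real DB.
BASE = datetime(2014, 1, 20, 12, 0, 0)


def ts(hours):
    """Epoch seconds `hours` after BASE; sessions store integer timestamps."""
    return int((BASE + timedelta(hours=hours)).timestamp())


# id, started_at, stopped_at, tracked_count, total_level_start, total_level_end
SESSIONS = [
    (1, ts(0), ts(2), 2, 1500, 1510),
    (2, ts(1), ts(5), 3, 2000, 2031),
    (3, ts(1), ts(3), 3, 1800, 1800),
    (4, ts(30), ts(31), 3, 2100, 2101),
]
PLAYERS = {
    1: ["playerA", "playerB"],
    2: ["playerA", "playerB", "playerC"],
    3: ["playerA", "playerB", "playerD"],
    4: ["playerA", "playerB", "playerC"],
}


def build_db():
    """In-memory database with the constructed sessions above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE sessions (
            id INTEGER PRIMARY KEY, started_at INTEGER, stopped_at INTEGER,
            tracked_count INTEGER, total_level_start INTEGER, total_level_end INTEGER);
        CREATE TABLE session_players (session_id INTEGER, player_name TEXT);
    """)
    conn.executemany("INSERT INTO sessions VALUES (?,?,?,?,?,?)", SESSIONS)
    conn.executemany("INSERT INTO session_players VALUES (?,?)",
                     [(sid, n) for sid, names in PLAYERS.items() for n in names])
    return conn


def recover_sessions(conn, lost_after, lost_before, names, level_start=None, slack=0):
    """Return ids of sessions started in [lost_after, lost_before] that tracked
    exactly the given players; optionally also require total_level_start to be
    within `slack` of the user's estimate. Every user-supplied value is bound
    as a parameter; the only interpolated text is a run of '?' placeholders
    whose length is derived from len(names), never from the names themselves."""
    names = sorted(set(names))
    placeholders = ",".join("?" * len(names))
    sql = f"""
        SELECT s.id FROM sessions s
        JOIN session_players p ON p.session_id = s.id
        WHERE s.started_at BETWEEN ? AND ?
          AND s.tracked_count = ?
          AND p.player_name IN ({placeholders})
    """
    params = [lost_after, lost_before, len(names), *names]
    if level_start is not None:
        sql += " AND s.total_level_start BETWEEN ? AND ?"
        params += [level_start - slack, level_start + slack]
    # tracked_count == len(names) and all names matched => exactly that set of players
    sql += " GROUP BY s.id HAVING COUNT(DISTINCT p.player_name) = ? ORDER BY s.id"
    params.append(len(names))
    return [row[0] for row in conn.execute(sql, params)]


def sessions_with_player_unsafe(conn, name):
    """Vulnerable form: the caller's string becomes part of the SQL grammar."""
    sql = ("SELECT DISTINCT session_id FROM session_players "
           f"WHERE player_name = '{name}' ORDER BY session_id")
    return [r[0] for r in conn.execute(sql)]


def sessions_with_player_safe(conn, name):
    """Parameterised form: the string is only ever compared as data."""
    sql = ("SELECT DISTINCT session_id FROM session_players "
           "WHERE player_name = ? ORDER BY session_id")
    return [r[0] for r in conn.execute(sql, (name,))]


if __name__ == "__main__":
    db = build_db()
    print(recover_sessions(db, ts(0), ts(40), ["playerA", "playerB", "playerC"]))
    print(recover_sessions(db, ts(0), ts(40), ["playerA", "playerB", "playerC"],
                           level_start=2005, slack=10))
    injected = "x' OR '1'='1"
    print(sessions_with_player_unsafe(db, injected), sessions_with_player_safe(db, injected))
```

With the time window alone, the three-player recovery above matches two sessions; adding the user's total-level estimate with a tolerance of 10 levels leaves one. The injected name `x' OR '1'='1` turns the concatenated query into one that returns every session, while the parameterised query returns nothing because no player is literally named that; an escaping function would have to be applied correctly at every such call site to get the same effect, which is the "if not used 100% correctly" gap the post mentions.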