如何保护GAE服务器端的计算逻辑？ [英] How to protect GAE server-side calculation logic?

问题描述

假设我有html表单中的100个字段。当填写所有字段时，计算一些分数并向用户显示（假设分数值为0到3000）。

当用户更改任何字段中的值时，我们会显示他的值范围（0-1000，1001-2000，2001-3000），没有详细分数。但是一旦按下提交按钮，就会显示精确得分。

现在，我需要保护逻辑 - 因此，用户不应该了解每个字段的影响分数。此外，用户不应该能够使用某些程序来播放这些值，并看看分数是如何变化的。

我正在考虑以下方法： / p>

1. 使用会话;


2. 保持服务器端当前的分数值;


3. 当一个字段中的值更改时，向具有更改的字段名称和新值的服务器发送请求;服务器端的
   
4. 验证发送上一个请求时，如果时间差太小，则拒绝请求;


5. 服务器回复新范围并保存新值;


6. 与服务器的分数值（不要重新计算，以为是）。




有没有其他更好的方法？

解决方案

对于客户：



1. 将字段的数据发送到


2. 在您的客户端上放置约束，以便在发送新的请求之前等待服务器完成在步骤＃1发送的请求。 li>
   
3. 当服务器的响应返回时，检查字段上的值，如果与上次进行步骤1时相比有任何更改，请重新执行步骤＃1。



现在，对于服务器：



1. 当重新计算的请求到来时，计算新的分数，但是在将计算结果发送回客户端之前添加人为延迟。 （例如，在将回复发送回客户端之前睡眠1000 ms）



使用此策略，以播放这些值，而不需要有会话，并且不需要对每个传入的请求进行时差检查。





它会更好如果您以异步方式将结果发送回客户端，则可以使用 Channel API ，并将睡眠放入TaskQueue工作线程。这样，应用程序引擎调度程序不会认为您的应用程序需要产生大量的实例，因为您的请求处理程序展示的高延迟。




Let's say I have 100 fields in the html form. When all fields are filled in, some score is calculated and shown to the user (let's say the score value is from 0 to 3000).

When user changes the value in any field, we show him value range (0-1000, 1001-2000, 2001-3000), no detail score. But once Submit button is pressed, exact score to be shown.

Now I need to protect the logic - so, users shouldn't be able to understand how each field affect the score. Also, users shouldn't be able to use some program to 'play' with the values and see how score is changed.

I am thinking about the following approach:

1. use sessions;
2. keep on the server side current value of the score;
3. when value in one field is changed, send request to the server with changed field name and new value;
4. on the server side validate when previous request was send, if time difference is too small, then reject request;
5. server replies with new range and saves new value;
6. when Submit is pressed, server replies with server value of the score (do not re-calculate it, take as is). Don't reply on this too often.

Are there any other (better) approaches?

解决方案

For the client:

1. Send the data of the fields to the server and request for score calculations.
2. Put a constraint on your client so that it would wait for the server to finish replying the request sent on step #1 before sending a new one.
3. When the response from the server came back, check the values on the fields, if there is any change compared to the last time you were on step #1, re-do the step #1. If not, monitor the fields and go to step #1 when you detect any changes.

Now for the server:

1. When a request for recalculation come, calculate the new score, but then add an artificial latency before sending the result of the calculation back to the client. (e.g. sleep for 1000 ms before sending a reply back to the client)

With this strategy, you put a maximum rate for the user to 'play' with the values, without the need to have sessions and without the need to have a time-difference check for every incoming requests.

It would be even better if you send the result back to the client asynchronously, perhaps using the Channel API, and put the sleep into a TaskQueue worker instead. That way, the app engine scheduler would not think that your app need to spawn lots of instances due to the high latency exhibited by your request handlers.

这篇关于如何保护GAE服务器端的计算逻辑？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！