• Hey Guest! Ever feel like entering a Game Jam, but the time limit is always too much pressure? We get it... You lead a hectic life and dedicating 3 whole days to make a game just doesn't work for you! So, why not enter the GMC SLOW JAM? Take your time! Kick back and make your game over 4 months! Interested? Then just click here!

Android How to load and save data best way (local versus web/db)?

T

Traversal

Member
What do you think is the best way to save and load data for a mobile game?

Local:
Once saved inside some ini file the user might manipulate the data?!

Web/ Database:
There might occure ioexception (how to handle them best?) or the user might intercept and replay post/get commands in the https call?!


I am so unsure how to implement it the best way. I could add some encryption and salt, but is it worth it?
It might happen the user has no internet connection (or it drops mid game). Strange errors might appear :(

Can someone explain how he/she solved this on his/her end? Maybe I am thinking too complex or missing
some important points in loading and saving logic?
 
Mr Magnus

Mr Magnus

Viking King
That kind of depends on what your priorities are. Is there a reason why you want to explicitly prevent people from manipulating the data? Is there something to be gained from it beyond the obvious "they get further in my game without doing any work?".

Intercept and replay attacks are a mostly solved problems. Look up a relevant article on the internet. Things like impotency codes, one-time cycling passwords, or server validation can make replay attacks much less effective.

Exceptions are solved with try/catch blocks and proper error handling.

The issue of the user being offline can be solved by storing a local state and then synchronizing it with the server once the player connects again.

However you need to establish what your goals are and what you're trying to prevent in order to answer this question. What do you want to do, and why do you want to do it?
 
poliver

poliver

Member
Anything stored locally can be easily cracked by someone who knows how to read the hardware. Simple encryption will prevent script kiddie riffraff though.
Online verification is safest bet but it's harder to setup properly and in most cases it's just not worth it unless you're dealing with paid dlc content/online leader boards and similar stuff.
 
T

Traversal

Member
Thank you for the reply. I will consider this :)

I do (currently) not care too much about people gaining/cheating more gold or progress inside the game,
as it needs to find a bigger audience playing it, to cover this part and prevent it, but....:


Storing data inside the local ini file AND saving it on the web-database at the same time
might be my best choice?! What do you think?

Lately I came across some problems while the http_get did not pass through and forced the ioexception.
E.g. calling for the current amount of gold from the database on my server failed (user had no internet at that moment of the call)
and the http async received "ioexception". What is the best way to handle this?

Should I check against the string "ioexception" in the result for the http_get() call and
load the (latest) local ini file value for gold instead?

How do you guys handle it?

First possible solution I have found:



GML: 
if (ds_map_find_value(async_load, "id") == get_gold_call)
{
    if (ds_map_find_value(async_load, "status") == 0)
    {
        text2 = string(ds_map_find_value(async_load, "result"));
  
  
        if (text2 == "IOException" or text2 == "")
        {
            text1 = "Please check your internet connection...";
            global.user_gold = 0;
        }
        else
        {
            text1 = "Ready";
            global.user_gold = real(text2);
        }
    }
}
 
Last edited:
You must log in or register to reply here.
Top