Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Submission + - Security for open source web projects 1

PoissonPilote writes: I'm currently developing a multi-player browser based game, using the good old HTML, Javascript, PHP & MySQL. Progress is good so far, and my number of players is slowly but steadily increasing.
At the beginning of the project, I decided to put the entirety of my game under the MIT licence, so that anyone could study the code or even start their own server for the game.
However, with the increasing popularity of my project, I am starting to worry about security issues. Even though I consider myself decent at web development and am pretty sure I'm not making any classic mistakes (SQL injection, cross-site scripting, URL forgery, etc.) I am no web security expert. I didn't find any relevant examples to compare my game to, as most open source games are written in a compiled language, and no web server is at stake in those cases. Some web developers friends told me not to release the source code at all, others told me to release it only when the game will be shut down- naturally I'm not satisfied by either of these solutions.

What approach does Slashdot recommend ?

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Security for open source web projects

Comments Filter:
  • You may want to setup a sort of "Bug Reporting" feature so that your users can easily tell you of bugs they find. There are many ways to go about this. I'm not sure of the details to your particular game but one suggestion would be to "reward" players for finding bugs by giving them bonus points/items within the game. This would encourage users to find bugs and help out with game stability. It may also help (Not sure if you already have this) to create a project page on sourceforge/googlecode. This will a

The intelligence of any discussion diminishes with the square of the number of participants. -- Adam Walinsky