So say I want to implement a Highscore feature in my game, which should work globally on the internet, I mean what would be the point otherwise… :0
is there any way or place I can easily do this, without renting a server just for highscores ?
Nope.
I do have a webserver/space for our website…
if I create a table on the database on there, and connect from the game… could work
of course my fears are: bandwidth and storing my password somewhere in my game :persecutioncomplex:
Couldn’t you just use an old laptop that you constantly plug in somwhere at home as a server?
It would definatly work with your webserver 
And yeah, you’d need to create a table or something like that.
Bandwidth shouldn’t be a problem,
and I’m not sure what you’re talking about with the password… But yeah, security is always a problem.
Well you can’t just host a server from your home; you gotta call your ISP and setup shit.
To connect to the database in the first place you gotta log in, hence my game code has to log in, which means the password for the database would be hardcoded in the game…
Or you could make an API that your game calls with some game data, then that data gets verified and placed in your db. No need for storing any passwords. 
Just something like:
POST: /store_highscore.php?name=foo&score=bar&otherdataforverifyingthehighscoreisvalid
normally you can, it is just a matter of configuration of your home network ( port forwarding if you are behind a router ) … except if your ISP have put some limitations. In Frence the only limit is the bandwidth.
But anyway if you already have a website hosted somewhere, it’s better to use this hosting I think.
The idea would be that your game would send an HTTP request to the webserver ( sending all the data you want to store ) and the webserver will act as usual, connecting to the database, store the data and so on. Your database password will then not be exposed.
… then the only problem remaining is how to fight cheating ( anyone could send an HTTP request to store fake highscores … )
cheating and sql injection would be things to consider
although it seems that even AAA game highscores have cheaters so…
in theory I would use POST to submit the data and a special key to prove that its genuine…
in practice I have no idea how to do this in Java… the most I ever did was downloading a file
you could try google app engine.
It’s a free web server, so you could everything u want.
Of course they have restrictions for the free use, like only so much bandwith per month etc., but I guess this should be enough for a small game.
sql injection is to be considered for any HTTP request
If you find a solution for the special key, please tell me Because as java can be easily decompiled, I can’t see how to generate safely such a special key in the game.
otherwise, sending an HTTP request is as simple as that :
public static String sendHttpRequest(String strUrl, String data, boolean needResponse) {
String res = null;
try {
URL url = new URL(strUrl);
URLConnection urlConnection = url.openConnection();
urlConnection.setDoOutput(true);
OutputStreamWriter wr = new OutputStreamWriter(urlConnection.getOutputStream());
wr.write(data);
wr.flush();
BufferedReader reader = new BufferedReader(new InputStreamReader(urlConnection.getInputStream()));
if (needResponse) {
StringBuilder sb = new StringBuilder();
String line = null;
while ((line = reader.readLine()) != null) {
if (sb.length() > 0) {
sb.append("\n");
}
sb.append(line);
}
res = sb.toString();
}
} catch (Exception e) {
e.printStackTrace();
}
return res;
}
where data is in the form key=value&key2=value2 …
keys and values have to be encoded :
public static String encodeParam(String paramName, Object value) {
String res = "";
try {
res = URLEncoder.encode(paramName, "UTF-8") + "=" + URLEncoder.encode(String.valueOf(value), "UTF-8");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException("can't encode parameter : "+paramName, e);
}
return res;
}
Ah, works beautifully
I’m quite interested in security aspects, but right now for this problem, I think it would be overkill and waste of time to invest into security.
Well at least as far as cheating goes… SQL injection could really screw my database up
How about www.gamejolt.com ?
Either way, I do my own hosting and I’ve written my own server in Java that takes and stores high scores. I also did not need to contact my ISP for anything, I just used DynDNS to have a constant domain to my ever-changing IP address and it works beautifully
On android you can have Swarm or Scoreloop (don’t use OpenFeint, it’s sent from hell >:( )
On desktop, I only know gamejolt but I really believe there are more out there.
Create a SQL User.
GRANT that User INSERT on your Highscore-Table. Maybe UPDATE if you just want one entry per user.
Use a System like Minecraft -> Username and Password for Game needed (Maybe only at the point where the Highscore gets sent).
When the Highscore is to be submitted -> send score along with username and pw (and other data to be stored) To a php script. If valid credentials -> store in Highscore DB, if not -> give client signal to explode.
SQL Injections and cheating on Client-side are things that have to be considered always and everywhere.
PS.: SQL Injections can be dealt with when you escape characters per default and perform validity checks on the values. If a score consists of anything else than numbers its rubbish for example (depends on your game of course). But how you could deal with cheating -> no idea
Never build SQL statements from user input but use statement objects and injections are not an issue.
Just use GAE. It’s free, and there’s no SQL involved in the database.
There’s also nothing you can do to stop determined cheaters. Consider whether you really want a global scoreboard at all in light of that.
It’s not that hard to port forward… If you use AT&T you can do it all by yourself. Other than that, i dont know. And it would be better for something like high scores to be stored in a databased and accessed through a PHP script over HTTP, honestly.
I ended up doing that. Code is already done, the applet version of Black Nebula has it implemented.
But the libgdx input thingy is… a little clunky on non android systems =P
doesnt even work in fullscreen since its this dialog thing
Well I think it depends on what kind of game you’re making. If its something like Call of Duty, probably shouldn’t use the method I described above. If its a fairly static game, PHP would be legible. I guess its from what kind of perspective you see it from.