
Chapter 5. Overview

Table of Contents

5.1. Security

This section describes one possible method for integrating BigWorld functionality into a web server by making use of the web service interface described above. It uses a Linux-based Apache web server with PHP (a stack similar to the LAMP architecture) and interfaces to the BigWorld service via the TwistedWeb service. It assumes familiarity with the concepts presented in the document Server Programming Guide.

The following diagram shows the standard cluster model (shaded, on the left-hand side) together with an example web integration implementation that uses an Apache server to provide a web service. For security, ServiceApps will usually not be connected to the internet. Web clients access the service via the Apache web server, which communicates with one of the ServiceApps configured to provide the Service. There will usually be multiple ServiceApps providing each Service, for the purposes of load balancing and fault tolerance.

Example configuration of a web service

It should also be noted that while accessing the TwistedWeb service in this way is common, there are many other uses for the TwistedWeb service. Examples include custom administrative tools and statistic gathering scripts.

5.1. Security

Web security should be a part of all web applications. Therefore, when implementing a BigWorld-aware web application, care must be taken to ensure that users are not able to access privileged information or have unlimited privileged access to the game script interface.

From a low-level security point of view, Apache supports HTTPS transport that is transparent to modules used for PHP. For details on how to enable this feature, see the Apache documentation.

From a scripting point of view, much of what applies to the security of other web applications applies equally to BigWorld-aware web applications. Because the web integration module must be run inside the cluster, care must be taken when designing interfaces to the game. For example, the standard practice for web applications is to not expose the database backend to users, which means never letting them execute raw shell commands or SQL statements. In the same way, do not give users inappropriate privileged access to the BigWorld backend by giving them the ability to run arbitrary script commands. The web integration module has no notion of Areas of Interest or client-controlled entities, the limits that normally constrain what a game client can see and change, so extra care must be taken when accessing game state through this interface.
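The contrast described above, as an added example that is not part of the original documentation or of BigWorld's own code: a PHP front-end that forwards a user-supplied script to the cluster verbatim, beside one that only forwards a fixed set of named operations whose parameters are validated on the web tier. The service URL, the JSON request shape used by `bw_call()`, and the action names are assumptions, not the real TwistedWeb interface.

```php
<?php
// Added example, not BigWorld's own code. The service URL and JSON request shape
// in bw_call() are assumptions, not the real TwistedWeb interface.
function bw_call(string $method, array $params): array
{
    // Forward one named request to a ServiceApp inside the cluster.
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/json\r\n",
        'content' => json_encode(['method' => $method, 'params' => $params]),
    ]]);
    $raw = @file_get_contents('http://serviceapp.internal:8080/', false, $ctx);
    return $raw === false ? ['error' => 'service unavailable'] : (json_decode($raw, true) ?? []);
}
// Weak pattern: the browser supplies the script that runs on the cluster, so every
// web user holds the full privileges of the web integration module.
function handle_request_unsafe(array $query): array
{
    return bw_call('runScript', ['code' => $query['cmd'] ?? '']);
}
// Hardened pattern: a fixed set of named operations, each with a validator that
// returns the parameters to forward or null to reject. $accountId comes from the
// web server's authenticated session, never from the query string.
const ALLOWED_ACTIONS = [
    'characterList' => 'validate_character_list',
    'characterInfo' => 'validate_character_info',
];
function validate_character_list(array $q, int $accountId): ?array
{
    return ['accountId' => $accountId];
}
function validate_character_info(array $q, int $accountId): ?array
{
    // The name is forwarded only as data, constrained to a narrow pattern.
    if (!isset($q['name']) || !preg_match('/^[A-Za-z0-9_]{1,32}$/', $q['name'])) {
        return null;
    }
    return ['accountId' => $accountId, 'name' => $q['name']];
}
function handle_request(array $query, int $accountId): array
{
    $action = $query['action'] ?? '';
    $validator = ALLOWED_ACTIONS[$action] ?? null;
    $params = $validator ? $validator($query, $accountId) : null;
    if ($params === null) {
        http_response_code(400);
        return ['error' => 'unknown action or invalid parameters'];
    }
    return bw_call($action, $params);
}
```

The hardened handler is what the Apache/PHP tier should expose: the set of operations the cluster will perform on behalf of a web user is fixed in the web tier, and the account a request acts on is bound from the authenticated session rather than taken from the client.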