James posted on this topic after watching a presentation at OWASP’s local Hartford chapter meeting last week. It was buried halfway down in the post, but it asked a great question:

Do they really think that their silly little architectures that support 500 users concurrently is somehow more challenging than implementing an architecture that supports 2 million concurrent?

It is a damn good point. The playground for these applications is different, but the same issues arise. I’ve played a few online games in my day and have seen the ups and downs of their implementations. I think I’ll throw in my opinion on two of the items for comparison, performance and security.

Continue reading →