koobas.hobune.stream
Authoritative Server With MySQL
Hello, I've read that having your project connect to a MySQL server directly is un-secure, but I am wondering if it is still un-secure if you make the server enter the db connection info at server start (Like in a GUI) so that the connection info is not built directly into the game. I'm basically wanting to serve a game on my local machine, and use a local MySQL database. Basically what i'm wondering is if the clients dont have my database connection information, is there any way that they could get it just by being connected to my server?
A common way to address this is to write a server-side script (eg in php) that takes a form submitted to it, looks for key-value pairs, sanitises the values to protect against SQL injection and invalid data, and only then inserts or updates records in the database (or returns an error that your game should handle, eg invalid data like health being negative, etc).
You might also want to encrypt the data sent, to help prevent arbitrary form submissions not from your game. But I'd only do that if your game gets popular enough to make that a reasonable risk.
As I understand it (and I could be very wrong) the Authoritative server is used to verify that the data the client is sending is valid or not. So I guess my question is, wouldn't you rather have the clients sending their data to the server, the server verifying the data is valid, and then the server submitting the verified data to the database rather than having the clients modifying the database directly?
