koobas.hobune.stream
Unity to PHP/MySQL: password and username security
Hello everyone!, Im making a connection between a Unity webplayer and a PHP/MySQL database.
Where should i place my database info such as the password and username(the ones that you need to log-in into a database)?
Should i put it directly into my PHP script? what if someone found out the URL, is it possible for them to sneak into the PHP codes?.
or I should put the info in the Webplayer Build as a public variable(enter the value through Inspector)?
If you put it in the php code, it doesn't leave the server.
Use the mysql_connect("localhost", username, password); command to create a connection to your database in a php script. I use a seperate connect.php file, which you can then include in any php script that needs to connect to the database.
Putting the database connection info in the webplayer or stand-alone would be a very bad idea. This would mean that you have to transfer that information from the clients machine to the webserver. Anyone using your build and anyone able to intercept the connection would be able to sniff out your database login.
yes, but isn't everyone can view the source page of URLs? like an html file on browsers.
no, not with php, its an html generator, so it will connect to the database & then process its data to HT$$anonymous$$L, so the actual php code (where the pass is) will never be show to the net (as far as i know)
PHP is server side code, HT$$anonymous$$L, CSS and JavaScript is client side code. Server side code is processed on the server only and is never visible to the user (client). In other words, PHP creates results (echo "hello world"), echo is server side, hello world is client side.
Badger and Superme are all right. If you uploaded a pure PHP file (no html) to a server, and then viewed the URL, nothing will show up, even if you view the source code, you wont see any of the PHP... Ever!
If you include HT$$anonymous$$L into your PHP file, then the viewer can ONLY view the HT$$anonymous$$L code, again, never the PHP.
The only way a user can see your PHP source code is if the user actually gains access to your server files somehow (illegally).
