Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Dark GDK / Multisync and MySQL

Author
Message
Drowneath
15
Years of Service
User Offline
Joined: 22nd Jun 2009
Location: In your eyes
Posted: 25th Jul 2009 11:31 Edited at: 25th Jul 2009 11:53
Link
Hello there,

I have a big confusion on using Multisync as the server and MySQL as the database server.

In the login screen in the client side, I made a direct connection from the client to the MySQL server to check whether the entered username and password is valid or not. I also stored my MySQL username and password in the client, in order to connect to the sql server. Is it safe to do so?



Is it possible for the client to request a login validation to the server (so that the server will check for the login and returns a response)?

Something like

Perhaps?

Recently I was thinking of hosting an apache server along with the sql server, and validate the login through web request using libcurl.

Any kind of help would be appreciated

Thanks.

note: I'm new to Multisync, so don't bother me
Back to top
Profile PM Email
Mireben
16
Years of Service
User Offline
Joined: 5th Aug 2008
Location:
Posted: 25th Jul 2009 12:58 Edited at: 25th Jul 2009 13:04
Link
Quote: "stored my MySQL username and password in the client, in order to connect to the sql server. Is it safe to do so?"


Safety has many levels and it's up to you to decide what is "safe enough" for your application. What is good for a game, is not good for managing your bank account. Really, you need to consider the purpose of the program and how great damage (if any) others can do if they get access in your name.

Quote: "Is it possible for the client to request a login validation to the server (so that the server will check for the login and returns a response)?"


If you are connecting to a MySQL server, then it is always the MySQL server that validates the login. If MySQL is running on another machine than the client, then the login data will be sent over the network. (I haven't used Multisync but I have used MySQL connections over the network with Apache+PHP.)

EDIT: How you implement the login system is again dependent on the purpose of the program, if it will have several users or just you, etc.
Back to top
Profile PM
Zuka
16
Years of Service
User Offline
Joined: 21st Apr 2008
Location: They locked me in the insane asylum.
Posted: 25th Jul 2009 13:22 Edited at: 25th Jul 2009 13:22
Link
Do not ever allow clients to directly connect to your database. If its on their computer, they'll find a way.

In fact, if it's stored as a string, all they have to do is open the .exe in Notepad or something.
Back to top
Profile PM
prasoc
15
Years of Service
User Offline
Joined: 8th Oct 2008
Location:
Posted: 25th Jul 2009 15:58
Link
Quote: "Do not ever allow clients to directly connect to your database. If its on their computer, they'll find a way.

In fact, if it's stored as a string, all they have to do is open the .exe in Notepad or something. "


Take that advice. That is one of the best pieces of advice I have heard in a long time. Think that ALL of your clients are trying to hack your database


Your signature has been erased by a mod
Back to top
Profile PM Website
Zuka
16
Years of Service
User Offline
Joined: 21st Apr 2008
Location: They locked me in the insane asylum.
Posted: 25th Jul 2009 16:26
Link
Yay, I feel helpful.
Back to top
Profile PM
Back to top

Login to post a reply

Server time is: 2024-10-01 08:49:01
Your offset time is: 2024-10-01 08:49:01