How secure or unsecure would it be to develop an MMO that makes ADO calls? If decompiled, the connection string would be exposed. What is the best way method of tracking a users position, etc.
Asked
Active
Viewed 177 times
0
-
That'd presume you've actually made your database accessible to the world, which is a majorly bad idea. Do you think that Blizzard has their Oracle database that runs World of Warcraft exposed to the world to pound on directly? – Marc B Jun 23 '12 at 04:35
-
Thank you for the reply marc. I don't. I am looking for the secure way of doing this. Since its a client, and not a web app.... it would required the sql server to be outside the dmz. should the client call a web service? How else can I do this. – Isabelle Harms Jun 23 '12 at 04:36
-
2The client should connect to another program running on the server, and only the server program should connect to the database on the server. Clients should never connect straight to the game's database. – William Lawn Stewart Jun 23 '12 at 04:51
-
2You would need to have a server-side app that the client-side talks to. The server-side app would talk to the DB (which would remain behind the firewall) – Jason Dean Jun 23 '12 at 04:51
-
I understand. such as a web service.... or wcf? – Isabelle Harms Jun 23 '12 at 04:59
-
yes such as a web service or wcf – Jeremy Thompson Jun 23 '12 at 05:03
-
What you are describing is horribly insecure. You are just allowing the attacker full access to your database. Have you ever heard of SQL Injection? Well this is worse. – rook Jun 23 '12 at 21:01