Home » Renegade Discussions » Mod Forum » MySQL with SSGM?
| Re: MySQL with SSGM? [message #433057 is a reply to message #433053] |
Sun, 18 July 2010 12:52   |
 |
TechnoBulldog
Messages: 15
Registered: May 2010
Location: Texas
Karma:
|
Recruit |
|
|
| reborn wrote on Sun, 18 July 2010 14:20 |
Is the plugin itself creating the database and tables and such, or are you manually creating that first, then allowing the plugin to use it?
Is the plugin multi-threaded? Does it need to be?
I don't know much about databases at all, really, let alone securing it. Would you need to make it so secure if the database was being access locally on the machine, and was not set-up for remote access to the DB?
|
No the plugin itself does not create the databases or tables. I'm not really sure what you mean by multi-threaded, but my guess is that it means to break it down into parts as not to cause lag? If that's the case, no, it doesn't, and I don't think it needs to. It's not a command that will be used a lot, the only thing it does is add something to a small table in a database.
I was kinda planning on it only working on one machine, but there is a username and password needed to connect. The only thing I'm worried about is injections, which I don't know a lot about, but I believe this is what they are.
Say you type !postnote <message> and the message gets sent to the database. The query would look something like:
("INSERT INTO messages(name, message) VALUES('%s', '%s')", pName.c_str(), M.c_str())
If someone typed !postnote hello the message stored in the database would say "hello". However, if someone was to type something like "!postnote '); DROP renegade;" the literal translation of the query would be:
("INSERT INTO messages(name, message) VALUES('hacker', ''); DROP renegade; ')"
Although there would be an error with that code, the basic principal of that is that they could control your database. If the above query didn't have an error, "DROP renegade" would have deleted the entire database, and that obviously wouldn't be good. If I can secure the database to only work with this account on 127.0.0.1 and escape the string (like add a \ before the quotation marks and whatnot) that eliminates two of the main ways they can get in.
Does that explain anything?
Cloud-Zone Gaming. Check it out.
^^ Awesome right?
|
|
|
|
Current Time: Sun Jan 26 19:12:09 MST 2025
Total time taken to generate the page: 0.00834 seconds
|
Search
Help
Members
Register
Login
Home
