Databse & C++?

Discussion about everything. New games, 3d math, development tips...
fra
Posts: 14
Joined: Thu Apr 13, 2006 6:36 pm
Contact:

Post by fra »

okay
so do you think there is an other method to connect myself on my website database (different from ETNA's method wich use a php interface)
KIC : frateamkic.info
(i'm frensh so scuse me for my english ...)
Spintz
Posts: 1688
Joined: Thu Nov 04, 2004 3:25 pm

Post by Spintz »

You could change the "access list" for the database on your webserver, to allow connections from your IP address. But most likely your IP address changes, so that would be a pain.

Also, if you're distributing your application, and expect everyone that downloads your application to access your database, you'd never be able to manage that so you'd have to allow all hosts access to your web server databases. I'm not sure what kind of webserver you have, but if it's CPanel and most likely MySQL, the access hosts are alllowed for all databases, as long as they know the username / password. I'm not sure if MySQL/Cpanel or some other database would allow you to setup access hosts for each database.....that would be cool.
Image
fra
Posts: 14
Joined: Thu Apr 13, 2006 6:36 pm
Contact:

Post by fra »

so it seems that i should still use ETNA because the user can't access directly to the database (he can only do what php pages do :lol: ). But unfortunatly this way i must work on the server (creating php pages) and on the client (code the ETNA interface) :( . And if someone discorvers the php pages and their url's codes he would be able to do what he wants (with his character caract for example); that's what i do for some tests :roll: .
But one major advantage of this library (i think) is that with some cheats you can make an application wich would be adapted if the server's database need some changes ...
KIC : frateamkic.info
(i'm frensh so scuse me for my english ...)
Spintz
Posts: 1688
Joined: Thu Nov 04, 2004 3:25 pm

Post by Spintz »

Well, I may be wrong here, but PHP is server side scripting. So you cannot "download" php code. The web server in response to a wget, or HTML get command for php code, will parse the PHP, generate the HTML and only deliver the HTML code to the client.

Is there some trick to getting the raw PHP code from a webserver I don't know of?
Image
fra
Posts: 14
Joined: Thu Apr 13, 2006 6:36 pm
Contact:

Post by fra »

No you're right. The client doesn't "get" the php pages code, he read the html code générated by them. The php is used because it's easy to connect and exchange datas with a database in this language. Let's have just an example.
If i want the client get his character datas (size, name and so on). Whe can ask ETNA to connect on a php page. For example: "http://mywebsite.com/GetCharacterDatas. ... =TheClient"
The php code will get the "user" variable and while print out ( with the "echo" function for example) all the datas a character has. ETNA simply read the text generated by this page.
i hope i was understable (if this word exist in english :roll: ).
KIC : frateamkic.info
(i'm frensh so scuse me for my english ...)
Spintz
Posts: 1688
Joined: Thu Nov 04, 2004 3:25 pm

Post by Spintz »

Yeah, I understand PHP. I was trying to figure out how you were worried someone could do what they want with the PHP pages, if they discover them?
Image
fra
Posts: 14
Joined: Thu Apr 13, 2006 6:36 pm
Contact:

Post by fra »

ok, in fact they will not do what they want with the database but they'll can for exemple cheat their own player datas (for example if the game use a page like : "http://mywebsite.com/SetCharacterPower. ... ent&Power="
the user can use it by passing a 100000 value in argument :? ). That has a limited impact but it's unsecure ...
KIC : frateamkic.info
(i'm frensh so scuse me for my english ...)
strale
Posts: 119
Joined: Wed Nov 23, 2005 1:58 pm
Location: Lambrugo Italy
Contact:

Post by strale »

Hi

I too i used PHP to show database fields on webpages.
I think it could be danggerous but sometimes i belive one could want to take the risk. I am not an expert about haking
it would be very useful to have a way to direct access to the PHP script :P but i think the only way is a bug/ bad configuration in the webserver :(

I give a fast look to ETNA and looks very cool as let you customize the PHP script to restrict access to the database and set what to exchange with its client *.dll
in the example tutorial i see "ETNA_encript" so data exchanged is encripted ? and a sniffer on the port could see nothing, am I right?


the ODBC and windows api that we were writing are at a lower level, PHP use its own access to the database or also ODBC too but in his case the win api are used by PHP sintax.

Bye
fra
Posts: 14
Joined: Thu Apr 13, 2006 6:36 pm
Contact:

Post by fra »

yes ETNA can use encription system as you can see in the examples. This way the hacking would be most dificult :wink: . But it is still possible ...
about reading php pages script, i think it is possible if you can read the page as a simple text document, which is only possible on the server, so i don't see how to do that in the client side
KIC : frateamkic.info
(i'm frensh so scuse me for my english ...)
Post Reply