
Database credentials inside the client

Hello everybody.
I was making an online game and I was performing the database. Looking around the forum I saw a lot of people speaking about PHP and JSON requests. I found a plugin called “MYSQLConnectorUE4 Plugin” that makes a connection between client and database using blueprints.
My question is: the credentials of the database, such as username, password and host, are inside the blueprints and so inside the client, but is this way secure for the credentials of the database? Can’t somebody steal them after I package the game? Thank you.

It is not secure at all and should be avoided under all circumstances. Even if you use a dedicated server model, you still have database credentials sitting inside your application and this can potentially be a huge security risk.

The correct way of addressing this is to use a RESTful (or other type of) web-service. Run your web-service off HTTPS and then ensure you have some type of encryption on your payload as well as a one-way encrypted checksum to ensure no data is modified during payload delivery. Your web-service should then do all payload validation and data verification before it hands the data off to your database for storage or retrieval.

No matter what anyone says, whether you encrypt the credentials or even only use read or limited access credentials, storing this type of information inside an executable that you have no control over anymore (because it will be distributed to many potential users) is bad practice. Also remember that every client will now open a connection to your database server and depending on how many clients you have, you could end up running out of sockets on your server hosting the database … which is bad.

By using a web-service you are able to scale your solution out and the clients will only ever have an HTTPS connection to your web-service which is what it is intended to support and you can literally handle exponentially more connections. Your web-service should also incorporate database connection pooling as well.
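
An added example (not code from this thread or from the plugin) of the server-side handler the answer above describes: it checks a keyed one-way checksum over the request body, validates the payload, and only then touches the database with a parameterized statement. Assumptions: the `SESSIONS` table, the `sign` and `handle_submit_score` names, the `scores` table and the in-memory SQLite database standing in for MySQL are all hypothetical; TLS termination and connection pooling are left to the web server in front of this code.

```python
import hashlib
import hmac
import json
import sqlite3

# Constructed stand-in for the real database. The web-service keeps the real
# MySQL credentials in its own server-side config; the client never gets them.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE scores (player TEXT PRIMARY KEY, score INTEGER)")

# Hypothetical sessions issued after login over HTTPS: id -> (player, key).
SESSIONS = {"sess-1": ("alice", b"constructed-demo-session-key")}
MAX_SCORE = 1_000_000


def sign(session_id, body):
    """What the game client computes: HMAC-SHA256 over the raw body bytes."""
    _, key = SESSIONS[session_id]
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def handle_submit_score(session_id, body, checksum):
    """Return (http_status, message) for one score submission."""
    session = SESSIONS.get(session_id)
    if session is None:
        return 401, "unknown session"
    player, key = session  # identity comes from the session, not the payload
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison of the received and recomputed checksums.
    if not hmac.compare_digest(expected.encode(), checksum.encode()):
        return 400, "checksum mismatch"
    try:
        data = json.loads(body)
    except ValueError:
        return 400, "malformed JSON"
    if not isinstance(data, dict) or set(data) != {"score"}:
        return 422, "unexpected fields"
    score = data["score"]
    if type(score) is not int or not 0 <= score <= MAX_SCORE:
        return 422, "invalid score"
    # Parameterized statement: client data is never spliced into SQL text.
    with DB:
        DB.execute("INSERT OR REPLACE INTO scores VALUES (?, ?)", (player, score))
    return 200, "stored"
```

The checksum only detects modification in transit; the type and range checks are what constrain a modified client, since the session key lives on the player's machine.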

Thanks for your reply.
I made the dedicated server using this guide:

This guide explains how to make the server, so I compiled the modified source with the new file “PROJECTNAMEServer.Target.cs” and now I have a file called “PROJECTNAMEServer.exe”, but where are the files to modify that?
I prefer to make this kind of connection:
Client -> Server -> DB -> Server -> Client