Posted: 12th Jun 2007 8:52
Hi, I just started programming in Dark Basic. I have had very good luck so far: coming from PHP, I picked up Cattle Rustler's MySQL plugin and got it up in a jiffy, and my game started to connect and receive information from my database in Texas.

But I wonder, is there a security issue with having a client I plan to distribute having access to the DB (very limited access)? Would people be able to cheat or get the password? I am more curious about the security features of external connections to MySQL. I have done a lot with MySQL in the web and commercial world but never in a game before. Any help would be much appreciated.
Posted: 12th Jun 2007 14:46
I think you would have to use SSL or some such protocol to encrypt the traffic and stop it being sniffed, but you should also consider that, having the client talk directly to the database, someone could still grab the password from the variables in memory using [various apps].

I would put a server between the client and a local SQL database so the whole database can't be compromised!

client(internet) -> server(local) -> database(local)
Posted: 12th Jun 2007 19:52
Where the password is passed from the dbpro exe to the plugin is another potential problem.
It's not difficult to swap a dll in a dbpro exe with another one. The replacement dll could pop up a message box showing the password instead of using it to connect to a database.

I'd also be a little concerned about how query strings were handled.
If you did something like this to check a username + password before logging a user on:
q$ = "select * from users where name = " + name$ + " and pass = " + pass$ + ";"

Someone may be able to open the exe in a hex editor, find those strings and change the values to alter the query.
If you found and altered
" and pass = "
to
";--d pass = "
You would end up with
select * from users where name = 'someuser';--d pass = 'somepass';
Now the user gets logged in without needing a correct password.

Probably very few people would know how and have the inclination to do either, but it's what they could do if they did that would worry me. Getting the password would allow them to connect with another password and do whatever the user had knowledges to do. That would presumably include reading and manipulating others' data.
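
The two suggestions above (a server between client and database, and not building the query from strings held in the client), as an added example that is not part of any post in this thread. It assumes sqlite3 as an offline stand-in for MySQL, hypothetical function names, quoted query fragments, and a salted PBKDF2 hash in the `pass` column:

```python
import hashlib, hmac, os, sqlite3

ORIGINAL_TAIL = "' and pass = '"   # query fragment as shipped in the client exe
TAMPERED_TAIL = "';--d pass = '"   # same-length hex edit described in the post

def hash_password(password, salt):
    # Salted PBKDF2 so the table never holds the password itself (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def make_db():
    # Constructed sample data; sqlite3 stands in for MySQL so this runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pass TEXT)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("someuser", salt, hash_password("correct horse", salt)))
    return db

def client_side_login(db, tail, name, pass_value):
    # Pattern from the post: the SQL text is assembled from strings stored in
    # the distributed exe, so whoever edits those strings controls the query.
    q = "select * from users where name = '" + name + tail + pass_value + "';"
    return db.execute(q).fetchone() is not None

def server_login(db, name, password):
    # Middle tier (client -> server -> database): the client sends only the two
    # values. The SQL text and the DB credentials stay on the server, and the
    # values are bound as parameters, never spliced into the statement.
    row = db.execute("SELECT salt, pass FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))

if __name__ == "__main__":
    db = make_db()
    print(client_side_login(db, ORIGINAL_TAIL, "someuser", "wrong"))
    print(client_side_login(db, TAMPERED_TAIL, "someuser", "wrong"))
    print(server_login(db, "someuser", "wrong"))
    print(server_login(db, "someuser';--", "wrong"))
    print(server_login(db, "someuser", "correct horse"))
```

With the server-side version the distributed exe holds neither the database password nor any SQL text, so swapping a dll or editing strings in the exe changes only the values sent to the server.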
Posted: 12th Jun 2007 20:06
ha, a mod or something edited my post to [various apps]
Posted: 12th Jun 2007 20:11
that was me GatorHex, sorry but at least we can make the hackers work for it a little, ya know?
Posted: 12th Jun 2007 20:17
No hard feelings, if that's the policy, but I personally think the best defence is always knowledge, so you know what your games are up against.

- don't push meeee!