Jump to content
Posted 21 May 2013 - 04:49 PM
Posted 21 May 2013 - 08:00 PM
Depending on your game, I tend to say no connection to the DB at all is best. If this is on a web client type game, I would say the PHP middle man solution is the most secure because it allows the server side to validate things without relying on the client to be correct. If, on the other hand, this is a standalone client in any language I suggest using a service oriented solution (though not directly REST style, you want a maintained session per client), the concept there is fairly simple, go take a look at Apache Thrift and the services generator. Basically the client has to send well formed "messages" which the service translates into SQL to be used against the DB and then the results can be filtered and sent back to the client.
This avoids exposing the internal information about the DB to clients. It avoids many cases of SQL injection or simply random SQL queries when the client is not supposed to be doing so. And it allows better hardening of the server since you can add more code to double check at anytime without rolling out new clients. A nice benefit, no need for any form of DB client interface at all, so slightly easier deployment.
Hope this gives you further idea's.
Posted 21 May 2013 - 10:28 PM
Ok, I'll check out Apache Thrift. It looks interesting