We get it. We use ad blockers too. But GameDev.net displays them so we can continue to be a great platform for you.
Please whitelist GameDev.net and our advertisers.
Also consider a GDNet+ Pro subscription to remove all ads from GameDev.net.
Jump to content
Subscribe to GameDev.net's newsletters to receive the latest updates and exclusive content.
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.
Posted 21 May 2013 - 04:49 PM
Posted 21 May 2013 - 08:00 PM
Depending on your game, I tend to say no connection to the DB at all is best. If this is on a web client type game, I would say the PHP middle man solution is the most secure because it allows the server side to validate things without relying on the client to be correct. If, on the other hand, this is a standalone client in any language I suggest using a service oriented solution (though not directly REST style, you want a maintained session per client), the concept there is fairly simple, go take a look at Apache Thrift and the services generator. Basically the client has to send well formed "messages" which the service translates into SQL to be used against the DB and then the results can be filtered and sent back to the client.
This avoids exposing the internal information about the DB to clients. It avoids many cases of SQL injection or simply random SQL queries when the client is not supposed to be doing so. And it allows better hardening of the server since you can add more code to double check at anytime without rolling out new clients. A nice benefit, no need for any form of DB client interface at all, so slightly easier deployment.
Hope this gives you further idea's.
GameDev.net™, the GameDev.net logo, and GDNet™ are trademarks of GameDev.net, LLC.