11-19-2020, 06:48 PM
I am dipping my toe in sql lately. My goal is to extend the games I've been working on with multiplayer functionality. I've had some success, but it's a steep learning curve as I'm not well versed with php or sql, the systems being used to integrate the database with the client.
While I experiment with new and interesting ways of organizing user data to enhance the gaming experience, I've got my thoughts centered on security. To have a multiplayer game, I need a way to identify different users, and each must be unique. This necessitates a user database, and means that I'll have to maintain user data and keep it safe while being able to access it and transmit it over the interwebs as needed.
Here's what I've tried so far:
After a great deal of thought, I decided to create a wordpress site to start the database. While probably not the most secure option, it is "the industry standard" as the most popular cms in the world, and with many minds working on it, it's probably better than anything I could come up with on my own on the fly.
Wordpress does make the effort to hash passwords before storing them, and there are numerous plugins to extend security, and regular updates: which I feel good about.
Next, I create my php scripts. The php scripts take a POST response over https and use it to move data into the database. The output is passed as JSON back to the client.
I am by no means an expert in security, but I did make some effort: I made sure to use PHP VALIDATE filters and on all user inputs. But I've noticed after hours of research that there are a ton of topics on this subject, more than I could ever read; which makes me wonder: What's the best way to go about it? It's like buying shampoo... how do I know what's the best shampoo when there's a whole aisle full of options, more than I could ever try?
I'm still a little apprehensive about transmitting user data over the internet, and would like to keep considering other options to increase security and safety for myself and others.
I have thought of creating a login token that would expire after a time; an hour or two? This could become tedious for the end user, but I'm less anxious about transmitting a randomly generated token than sending a user name/password, and expiring tokens would limit the opportunities for cheating. I could even bind each token to an ip although some users might not appreciate having their ip stored :/ I think there is no perfect solution. I need to focus on finding the best solution for my particular scenario.
After all that, here are the questions for any who might have an answer, and wish to extend the discussion:
1. At current, how "safe" would my operation be? I know that no system is completely secure, but can I proceed with relative confidence that I've made a solid effort to protect the integrity of the data?
2. If not, what other systems should I consider putting in place? What search terms can I put in google to return the topics I would be well to learn?
While I experiment with new and interesting ways of organizing user data to enhance the gaming experience, I've got my thoughts centered on security. To have a multiplayer game, I need a way to identify different users, and each must be unique. This necessitates a user database, and means that I'll have to maintain user data and keep it safe while being able to access it and transmit it over the interwebs as needed.
Here's what I've tried so far:
After a great deal of thought, I decided to create a wordpress site to start the database. While probably not the most secure option, it is "the industry standard" as the most popular cms in the world, and with many minds working on it, it's probably better than anything I could come up with on my own on the fly.
Wordpress does make the effort to hash passwords before storing them, and there are numerous plugins to extend security, and regular updates: which I feel good about.
Next, I create my php scripts. The php scripts take a POST response over https and use it to move data into the database. The output is passed as JSON back to the client.
I am by no means an expert in security, but I did make some effort: I made sure to use PHP VALIDATE filters and on all user inputs. But I've noticed after hours of research that there are a ton of topics on this subject, more than I could ever read; which makes me wonder: What's the best way to go about it? It's like buying shampoo... how do I know what's the best shampoo when there's a whole aisle full of options, more than I could ever try?
I'm still a little apprehensive about transmitting user data over the internet, and would like to keep considering other options to increase security and safety for myself and others.
I have thought of creating a login token that would expire after a time; an hour or two? This could become tedious for the end user, but I'm less anxious about transmitting a randomly generated token than sending a user name/password, and expiring tokens would limit the opportunities for cheating. I could even bind each token to an ip although some users might not appreciate having their ip stored :/ I think there is no perfect solution. I need to focus on finding the best solution for my particular scenario.
After all that, here are the questions for any who might have an answer, and wish to extend the discussion:
1. At current, how "safe" would my operation be? I know that no system is completely secure, but can I proceed with relative confidence that I've made a solid effort to protect the integrity of the data?
2. If not, what other systems should I consider putting in place? What search terms can I put in google to return the topics I would be well to learn?