AlliedModders


STr!ker 04-17-2012 12:06

How to make MySQL Query secure?
 
Hello folks,

I have written a plugin which saves the money of each player and gives the money back after they rejoin the server. It all works with a MySQL query.

One day a player came to me and wrote me this:

Quote:

str_004 string "" ->host
str_005 string "" ->user
str_006 string "4rj" ->password (deleted ;) by me now!)
str_007 string "h" -> DB
This was deleted by me ;) And this is what he wrote me:

Quote:

str_008 string "player"
str_009 string "hfw_plrSpawnPost"
str_010 string "MySql_Init"
arr_002 array 2 fill 0x0
str_011 string "[Money Lost!] Player %s (%s) hat %d Geld verloren!"
str_012 string "give_money"
str_013 string "CREATE TABLE IF NOT EXISTS money (steamid varchar(32), name varchar(64), money INT(12))"
str_014 string "SELECT * FROM `money` WHERE (`money`.`steamid` = '%s')"
str_015 string "register_client"
str_016 string "Load - Could not connect to SQL database. [%d] %s"
str_017 string "Load Query failed. [%d] %s"
str_018 string "ID_PENDING"
str_019 string "SELECT * FROM `money`WHERE (`money`,`steamid`= `%s`,`money`= `%d`)"
str_020 string "`"
I don't know how he got all the data, including the right password, but he didn't want to say more. He just said that he had sniffed the server.

I don't want to post the plugin, because it is private work. If someone wants to see some parts, he should PM me ;)

EpicMonkey 04-17-2012 12:32

Re: How to make MySQL Query secure?
 
str_018 string "ID_PENDING"

hmm ...

Backstabnoob 04-17-2012 12:54

Re: How to make MySQL Query secure?
 
Nobody will help you if you don't want to show your code and also non-steam isn't supported here.
You can take a look at this: http://www.amxmodx.org/funcwiki.php?go=func&id=1182 however there isn't a format-only function that returns the output into another string. Not sure why there isn't one, but someone has probably done a function like this before.

Exolent[jNr] 04-17-2012 13:03

Re: How to make MySQL Query secure?
 
I'm guessing you are sharing a compiled plugin without giving the source, and you want them to not be able to decompile the plugin and see your MySQL connection information.
AMXX is an open-source community, so you should provide the .sma file where you give the .amxx file or just don't let the .amxx file leak.
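
The point above, as an added example that is not part of the original thread or the poster's plugin: string literals compiled into an .amxx file can be read back out of it, so the connection details are read at runtime from the server's `amx_sql_*` cvars instead. It assumes the plugin runs on a server you control whose configs (for example configs/sql.cfg) set those cvars; the plugin name, buffer sizes and the `OnMoneyLoaded` handler are hypothetical.

```pawn
#include <amxmodx>
#include <sqlx>

new Handle:g_SqlTuple = Empty_Handle

public plugin_init()
{
    register_plugin("Money Save (example)", "1.0", "example")
    // Assumption: the server configs set the amx_sql_* cvars; the delay
    // gives them time to execute before the cvars are read.
    set_task(1.0, "MySql_Init")
}

public MySql_Init()
{
    // Before: literals end up in the compiled .amxx and can be recovered from it
    //   g_SqlTuple = SQL_MakeDbTuple("host", "user", "password", "db")
    // After: amx_sql_host/user/pass/db are read from cvars at runtime.
    g_SqlTuple = SQL_MakeStdTuple()
}

public client_putinserver(id)
{
    if (g_SqlTuple == Empty_Handle)
        return

    new authid[35], safe[72], query[160], data[1]
    get_user_authid(id, authid, charsmax(authid))

    // Escape the value before it is formatted into the query text.
    SQL_QuoteString(Empty_Handle, safe, charsmax(safe), authid)
    formatex(query, charsmax(query), "SELECT `money` FROM `money` WHERE `steamid` = '%s'", safe)

    data[0] = id
    SQL_ThreadQuery(g_SqlTuple, "OnMoneyLoaded", query, data, sizeof(data))
}

public OnMoneyLoaded(failstate, Handle:query, error[], errnum, data[], size)
{
    if (failstate != TQUERY_SUCCESS)
    {
        log_amx("Load query failed. [%d] %s", errnum, error)
        return
    }
    // Applying the value is game-specific; this example only logs it.
    if (is_user_connected(data[0]) && SQL_NumResults(query) > 0)
        log_amx("Loaded %d for player %d", SQL_ReadResult(query, 0), data[0])
}
```

A password that has already been recovered from a leaked .amxx stays known after this change, so it needs to be changed on the database as well.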

