Security

spiider · **Author**

I'm developing a system in amxx, and i use mysql and if someone decompile amxx file can see my password, and i want know how i can encrypt the password.

Sylwester · 02-16-2010 , 11:17 Re: Security

Don't hardcode password for mysql in plugin. Retrieve it from cvar (the same goes for host, username, database name) and in this case you just need to make sure that noone can see your server config files.

Also if you give someone your plugin then you must provide source code.

spiider · 02-16-2010 , 11:22 Re: Security

I want encrypt because some can hack game server host and try decompile.

Sylwester · 02-16-2010 , 11:31 Re: Security

If your game server host can be hacked, then it suck. Find better one.

If you want to make sure that nobody will be able to retrieve your password from server even if they get access to files, then you will probably need to make your own module...

spiider · 02-16-2010 , 11:35 Re: Security

well i'm go try make my own module

.
The big problem is my plugin will be used by other persons who want use my gather system.
I'm think in make plugin with http requests, but if have alot of servers connected at same time will be have others problems.

spiider · 02-16-2010 , 13:58 Re: Security

i have check source code of mysql module. And i'm try find where i need put the info of connection for later recompile.

Exolent[jNr] · 02-16-2010 , 16:05 Re: Security

Use some method to encrypt your password.
Then use that in the plugin.
On plugin start, you can decrypt your password with a reverse method of what you used to encrypt it.

Sylwester · 02-16-2010 , 16:18 Re: Security

How is this supposed to help if he is worried about decompiling his plugin? If someone can decompile it then no matter what kind of encrypt method you use, that someone will be able to retrieve orginal password.

I would suggest something else: Don't store password on your server, but retrieve it from website or database that answers only to requests sent from your game server ip...

Seta00 · 02-16-2010 , 17:01 Re: Security

Quote:

Originally Posted by Sylwester

If your game server host can be hacked, then it suck. Find better one.

If you want to make sure that nobody will be able to retrieve your password from server even if they get access to files, then you will probably need to make your own module...

And you can always decompile the module.

Sylwester · 02-16-2010 , 17:10 Re: Security

Wouldn't that be harder than decompiling .amxx?