[gameplayonline]

I think solution can be add mysql user full rights but access only to tables what we need in database but im not expert to mysql and im not sure if is it possible. If have somebody tutorial to this we will tahnksgiving for that.
And we will create different users for every partner and this will fix problem with visible login details.

[KiLLeR.]

Quote:

Originally Posted by Ex1T (because they will see MySQL access data in sql.cfg file) so they can connect to PhpMyAdmin and see passwords, delete all database, editing database etc.

I got an idea. Why not hardcode the db password in plugin itself instead of using that in sql.cfg?! And don't upload plugin sources to the game server, so the another partner won't be able to see that password.

[fysiks]

Quote:

Originally Posted by gameplayonline I think one solution is to recode amxbans to use encoding like md5 but for reason we need allow editing or deleting bans DB user must have right to modify or delete tables and i think he is able to code his own password to md5 and replace amxbans master admin password in db and get access to banlist with full access rights... We need allow show, add, edit and delete bans and for this reason we must know which functions mysql user needs.

MD5 don't do anything here. The user should not need to create or delete any tables. At most, they will only need to read and write entries to the predefined tables.

Even better is to have the non-owner accounts only able to write ban to the table. Then, if bans need to be removed, they can send a request to the owner to remove them. I think this is the best solution.

Quote:

Originally Posted by KiLLeR. I got an idea. Why not hardcode the db password in plugin itself instead of using that in sql.cfg?! And don't upload plugin sources to the game server, so the another partner won't be able to see that password.

It is extremely easy to get any text from the compiled plugin.

[gameplayonline]

Ok we have created user with rights SELECT, INSERT to table amx_bans i think we need too right SELECT for table amx_amxadmins where is admin list to sucessfull admin connect on server... We will test it today now i try use logic...
When we have function SELECT on table amx_amxadmins i think is possible to get other admin details like username/passwords to servers where some owner dont have rights...
Are you see any solution to this?

[DjSoftero]

Quote:

Originally Posted by fysiks MD5 don't do anything here. The user should not need to create or delete any tables. At most, they will only need to read and write entries to the predefined tables. Even better is to have the non-owner accounts only able to write ban to the table. Then, if bans need to be removed, they can send a request to the owner to remove them. I think this is the best solution. It is extremely easy to get any text from the compiled plugin.

he said to hardcode it...

[fysiks]

Quote:

Originally Posted by DjSoftero he said to hardcode it...

Quote:

Originally Posted by fysiks It is extremely easy to get any text from the compiled plugin.

[DjSoftero]

this won`t do it?

PHP Code:

new c, d, e, g
new ae[5]
ae[0] = e
ae[2] = d
ae[3] = g
ae[1] = c 


and like throw it all over the place

yeah, if a person rly wants to know it, he can dig it up eventualy. nvm

[gameplayonline]

He can get server admin passwords from other servers from mysql database too...

[KiLLeR.]

If every server add its own table for admins and don't give access on your ally to tables from your servers?

[fysiks]

Quote:

Originally Posted by gameplayonline He can get server admin passwords from other servers from mysql database too...

There's a problem right there, admins shouldn't be authenticated by password.