[MUD-Dev] Database vs. Disk

[Kwon J. Ekstrom]

Marc Bowden wrote:
> --On Thursday, June 19, 2003 15:28 -0600 "Kwon J. Ekstrom"
> <justice at softhome.net> wrote:
 
>> Security is always an issue to some degree.

>> I'd suggest that the best bet is to backup your data regularly,
>> and restrict access to critical sections of the data.  From
>> there, you can add additional layers of security as needed.

> If I may. Whom are you gearing up to protect the database or files
> against?

Me personally?

I don't worry about security, I was replying to someone else.  Since
the question was asked about security, particularly the differences
of a file and relational database, I figured a few tips were in
order.

The security of my game data has never been an issue, although I've
been exposed to a variety of security issues at my "day" job.
Personally, I've never needed more than keeping people out of my
shell.

For my game, I use both a serialized file system, and a relational
database.  The files tend to contain highly object oriented data.
The database keeps logs and statistics.  It's a convenient hybrid
and allows me alot of flexibility.

There are some security measures in place for the db.  The db is
password protected and configured to only accept connections from a
specific IP.  Additionally, since it's in Java, I use the
java.sql.PreparedStatement, which greatly improves code readability
(my main reason for using it), and prevents SQL injection attacks.
We're using MySQL so unfortunately I can't take advantage of stored
procedures.

I'm not trying to protect against anyone in particular, just rather
not leave the door open.  These are just some simple things that
didn't take much work.

-- Kwon J. Ekstrom
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev