The example given was only to illustrate how the player would 'connect' to his account from inside the game.
My initial thought was not to use anything between the database on my webserver and the program (game) itself (besides the plugin which contains the function for a proper connection).
It would be just like going to hotmail.com and putting in your username and password.
It was just to illustrate.
It's not like hotmail.com, it's like going naked on the street with your hotmail credentials tattooed in large bold letters on your skin! Really, everyone can read the database credentials and most people on this planet are able to at least send "DROP TABLE quests" to an SQL server!
And since it's just a prototype game, the database only holds the player's score and the new missions or messages to download that I'll feed into the database. Nothing fancy or personal info.
It doesn't matter if it's a prototype; this won't stop people from either dropping your tables at random and/or altering the rows at random.
I never got too deep into security in web applications, but now that you've told me that, how does ANY game or app connect to a server only to know whether or not there is an update, or to send a simple 'hi webserver I have just logged in, bye'?
No app connects directly to the database; it connects to a webserver that does the database transactions for you. The webserver does a sanity check on any input and makes sure that no app tries to do something that it shouldn't.
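
The arrangement described in the last reply, as an added example that is not part of the original thread: a server-side handler that exposes only named operations, validates every field, and binds values with parameterized queries, so the game client never holds database credentials. The action names, the `scores` table, the name pattern and the score limit are assumptions, and SQLite stands in for the real database.

```python
import re
import sqlite3

NAME_RE = re.compile(r"[A-Za-z0-9_]{3,16}")   # assumed player-name policy
MAX_SCORE = 1_000_000                          # assumed upper bound for a score

def make_db():
    """In-memory stand-in for the database that lives behind the webserver."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE scores (player TEXT PRIMARY KEY, score INTEGER)")
    db.execute("CREATE TABLE quests (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO quests (title) VALUES ('First mission')")  # constructed row
    return db

def submit_score(db, params):
    player, score = params.get("player"), params.get("score")
    if not isinstance(player, str) or not NAME_RE.fullmatch(player):
        return 400, {"error": "invalid player"}
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= MAX_SCORE:
        return 400, {"error": "invalid score"}
    # Parameterized query: values are bound, never concatenated into the SQL text.
    db.execute(
        "INSERT INTO scores (player, score) VALUES (?, ?) "
        "ON CONFLICT(player) DO UPDATE SET score = MAX(score, excluded.score)",
        (player, score),
    )
    db.commit()
    return 200, {"ok": True}

def list_quests(db, params):
    rows = db.execute("SELECT id, title FROM quests ORDER BY id").fetchall()
    return 200, {"quests": [{"id": i, "title": t} for i, t in rows]}

# The only operations a client can ask for; there is no "run this SQL" action.
ACTIONS = {"submit_score": submit_score, "list_quests": list_quests}

def handle_request(db, action, params):
    """Entry point the web framework would call with the decoded request body."""
    handler = ACTIONS.get(action)
    if handler is None or not isinstance(params, dict):
        return 404, {"error": "unknown action"}
    return handler(db, params)
```

The database credentials exist only in the server process; the client sends an action name and a small parameter dictionary and receives a status code and a JSON-style body.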