Connect to SQL Database?

Hello everyone.

I admit that I am very new to 3dgs and am building my first application. I have extensive SQL programming experience (MSSQL) and was wondering...

1) can lite-c and A7 manage all of the data needing to be saved by a character (i.e. rpg player inventory, skills, preferences) or should I connect to a database application?

2) if a database appplication is the answer, while I prefer Microsoft SQL Server, what are my database alternatives? I believe I would need a full functioning db.

3) and, where can I find drivers, connection string formats, etc identifying how to connect to the database from lite-c?

Thank you in advance for any assistance.

I too am looking for the answers to these old questions. Does anybody know?

1) You can save all these in your self file-format or you can use sql,xml etc.
Point here is if your game is an online game or a single player game. For a single player game saving data on a remote server is not really a good solution, nor running a server on user's machine.

2) If you really need to use SQL, use one of the libraries that do not require a server to be running, like SQLite or MS Access.

3) you need plugins to use a SQL server, connection string is more like .net thing, f.i. in MySQL or SQLite you do not use connection strings. For MySQL you pass your server's ip,username and password to a function then you select a db with another function. For SQLite you only need a filename, there is no server to connect to.

There are other things to consider when using a SQL server from your games. First, a note, I am going to name game's main executable where players run to play the game as "Client". You do not want to directly connect to your database or db/server from your client. If you do that you have to provide your username/pass/connection string either in your code, hard-coded, or in a config file which is not really healthy for your server's security. If a local database on the player's machine is sufficient for your needs, use SQLite. SQL syntax is not much different from MSSQL. If not, you need a "game server" for your problem. The function of the game server is to get data from clients and connect to database then store that data there. This way you can validate the incoming data on game server and do not expose your database credentials in your cliet.

Hi, taking advantage of this post since it is about a same problem i ran through.

I have a kind different idea in my game, I have an old A6 standard version, and I was wondering if there is any plugin that could make my game connect to a mysql database that is hosted on the web and retrieve some information from there, every 15 minutes.(just as an example)

just for explain it better, my game is a mix of single player with multiplayer game, but there´s no 'real time server' for it, so the client kinda feeds the mysql webserver with information every 15 minutes. (this all is just an example!)

Anyway, is there any way?

Thanks and sorry for using someone elses post.

Again rather than connecting to db from user's machine you can use a php script that clients make calls to. Since its a webserver your server probably has php support. Besides using mysql from php should be much easier than usin it on a6 wdl. How are you going to connect to that php page is whole another questin. Still it will be easier and safer than using mysql directly on clients. How would you do that in a6 standart? i do not know if that version supports plugins but if it does you need a http plugin.

actually it supports, somebody just remind me about the peacekeeper's GSHTTP-plugin. I never used it, but i think i can work something out with that.
I don´t know why but still would preffer making the client connect directly to the mysql database, inside the game, he would just put his username and password and thats it!
Like combat arms or any mmorpg that we see in this days, in my case is just for downloading info.

thanks

This is definitely NOT the common case and NO MMORPG does this! This is a HUGE (and I mean really huge!) security risk since you knowingly build an attack vector right into your application! Everyone, really everyone, will be able to sniff what you talk with the database, the password, the username etc. And sorry if this is wrong now, but I assume that even if you would use HTTPS you would either never validate the certificate and/or validate it wrong (eg. trust every root certificate) resulting in easy to do man in the middle attacks giving you no security at all.

Please, consider that your users are trusting YOU with THEIR data, assuming that you are able to deal with this correctly. What you are trying to do is virtually spitting every single customer in the face and then laughing at them. Do you really want to do this? Do you want to be treated like this as a customer?

The example given was only to illustrate how the player would 'connect' to his account, through inside the game.
My initial thought was not to use anything between the database on my webserver and the program(game) itself (besides the plugin which contains the funcion to propper conection).
It would be just like going to hotmail.com put your username and password.
Was just to illustrate.

And since its just a prototype game, that the database only holds the players score and download new missions or messages that I´ll feed the database. Nothing fancy or personal info.

I never got too deep inside security in web applications but now that you told me that, so how ANY game or app that connects to a server only to know if there is or not a update or a simply 'hi webserver I have just logged in, bye' ?

you can development dll about ms asscee to save data

Its not like hotmail.com, its like going naked on the street with your hotmail credentials tattooed in large bold letters on your skin! Really, everyone can read the database credentials and most people on this planet a able to at least send "DROP TABLE quests" to an SQL server!


It doesn't matter if its a prototype, this won't stop people from either dropping your tables at random and/or altering the rows at random.


No App connects directly to the database but to a webserver that does the database transactions for you, the webserver does a sanity check on any input and makes sure that no app tries to do something that it shouldn't.

Actually I already understood the first part, I´ll try to be more especific for what I have doubts about.


1 - So, what you mean with 'webserver that does the database transactions' did you mean, like a real computer with a fixed IP waiting and receiving data from the clients and doing the transacitons?

OR

2 - you meant like a PHP webpage that receives the client´s incoming request of information and then make the transaction?

ps. The database stays hosted in a webpage at those webpage service providers.

Thanks in advance in case if you post/awnser something that could help or enlight my narrow knowledge of 'webserver security' instead of negative criticism that would want make me shut my project down.

Whatever you want, although its probably easier to achieve in PHP.




If I can stop you from doing stupid things, I'm okay if it comes to the price that you stop your project
Webserver security is a huge topic, you have to deal with many things like authentication, authorization, malicious users and so on. The key is probably to trust no one, not even what looks like your game since virutally anyone out there can pretend to be your game. Always run sanity checks on the input that you take from 'the wire' and if you are using certificates for authentication and authorization, always check the whole certificate and the signing authorities. You should also check the revocation information, just in case someone was able to get a root CA to sign malicious certificates (like what happened to diginotar for example).
Although, if there is nothing crucial going over the wire, like passwords or other sensitive user data, you don't really need to encrypt everything. For issuing quests to your users its perfectly fine to use no authentication and encryption whatsover but just having the client connect to your webserver that in return queries the database and returns the result to the client.
In a REST environment this could look like this:

I see your point and makes a lot more sense with the example.
Since I am still wanting to make this project work I don´t like to give up easily just because of the difficulty, I´ll give a lot of thought on this and build the database, the php(which I already know how too) and the client before making the actuall game, gonna run some tests and ask some of my college friends(the ones who know more than me about the subject(security)) and make them try to breach the security or whatever.

Thanks for the reply and for the enlightment.