That's very interesting. I don't have any prior experience with MySQL. What about a WAMP package makes it insecure? Or is it just that trouble-makers could potentially access my database without going through my game? I guess that would be pretty easy if they have a peek at what information my game would be putting out.

Jibb

A MySQL server is also included in wamp packages. Trouble-makers aren't able to access the database, as long as you have the newest most secure MySQL version and you don't give the username and password to anyone. Additionally, you can configure the mySQL server to not accept connections from the internet. When doing all of the above, the mySQL data should be pretty save (as long as your game doesn't have sql injection vulnerabilities, but thats up to you to program it to be save).

It's apache and php that make a wamp-packet insecure. In the past, there have been quite a few so called "remote exploits" in apache or php.
In the worst case, they can give "trouble-makers" full access to your system. That is unlikely if using Linux, but likely when using a stock windows (server 2003) installation with any WAMP.

In order to be moderately save you'll have to install updates ASAP after they get released, and run the apache-server as a non-privileged user.

My concern was more that they'd sniff outgoing packets from the game communicating with the server, and figure out how to have the apache server manipulate the database. This is less a concern for an A7 server, which can more easily take into account data that it receives from the game on a much more regular basis. Or at least, that's how I imagine it would work
Wow. That's bad!

Thanks for that. I have two types of use for online databases planned, and with your advice in mind I'd probably set them up like so:
1. Persistent online worlds in which case I'll need to host the game on a Windows machine with A7, but I'll have A7 interact with MySQL directly; no Apache (or other) server on the system.
2. Lobby systems -- I think the easiest way to have a good lobby-system with which other servers can communicate (update their status, such as how many players are in the game, and so on) while still hosting a game would be to use the up-coming http functions from the beta page. For this I'll set up a Linux system with a LAMP-stack. This would also use very little bandwidth on my side, and I could probably comfortably have lobbies for several different multiplayer games (if I ever make that many) on the same machine without much trouble.

Does that make sense?

Jibb

Both 1 and 2 sound pretty solid.
For 1, I hope you're planning a system like that:


MySQL <------> A7 Server <------> A7 Client

Its important that the clients don't have direct access to the mySQL database. As long as the A7 Server checks all incoming data from the clients for validity, the MySQL database and thus the "game world" is save.

Same with the lobby system. As long as the php-scripts running on the apache server are save, the whole system will be save (except for the mentioned "exploits", but when you keep the system up to date the risk will be minimal).

Yes, I am. Thanks very much, I've seen your multiplayer work and appreciate your help

Jibb