"Safest" way to store MySQL Login Data.

As many of you are I’m sure aware, .blend files can be easily extracted from any runtime. That said, what’s the best way to go about storing mysql logins for, say, a high score board? Here’s a few of my concepts for it, just wondering if there was a better way.

Method one: Make it all server side, just load a .php file with some POST values that either posts the score or retrieves an array of the high score list. The problem with this is it not only seems like overkill, but it also is much harder to manage simply because you’ll have to not only update the local client, but the middle-man and the database to simply add one column to the database. Not just that, but if anyone hacked away at the blend they could easily inject a custom score into the database with great ease using an internet browser.

Method two: Create a compiled C program that contains the encrypted variable (retrieved from the C program using the python script). The problem with this method is obviously if anyone knew the encryption (a simple .blend extraction and python script hacking would give it to you) they could simply run the C program in terminal and get the username password.

Am I missing something obvious? My needs have nothing to do with a high score board, but for storing profiles. Same method for both though. If you guys remember I’m working on my game “EPIC BATTLE GAME”, I’m simply making a server application using blender (I’ve chosen to use blender over unity for the server because of certain restrictions in unity, although the client game is in unity).

Anyone? Sorry for the bump…

I’m taking it that the MySQL server is located on your web server and your gamers will be playing on their own local machines.

If so, then the local side doesn’t require any MySQL login details because all of that should be handled server side.

However, as you say by using say POST requests, people could inject information, well yes they can, that is where you need to authenticate them, e.g. with a session identifier.

But even then the data could be altered or injected.

Next you’d move into the realm of serious game protection where you’d want to (at least authenticate) using SSL. But then the game code could be hacked, so you’d want to write a couple of admin level drivers which checked each other for integrity… Overkill, oh yeah, but that’s like the level of PunkBuster, etc…

Sorry, phone just gone…

Just abstract it by one layer.

Like requiring a user login.

Even if you give everyone the same login, the MYSQL variables are secured behind the server and can be changed if needed without changing the client. Then it becomes a webserver issue and not a Blender issue if problems occur.

Require unique email user names. Then if someone cheats, you can ban them or prosecute them via their IP.

So great ideas rarebit :smiley: php GET/POST methods are way too easy to inject unfortunately. The thing is, if you could “properly” protect blend files we wouldn’t have this issue. I could simply generate a key in the game and use that for authentication. But the problem is extracting python files from a blend file is SOOO easy it’d be easy to recreate the key and inject data.

I wish someone would make a serious blender encryption app :frowning: or just fix it in the blender app itself. Although I don’t know if that would go against the GPL :confused:

Aren’t all server clients easy to inject, hence the ssl mention, even then with a little knowledge and stunnel you could still do it with telnet or ssh…

Is anything secure?

Aren’t all server clients easy to inject
I’m not sure what you all fear? But if you write the server side processing script correctly you can avoid any kind of injection. It is only dumb server side code that merrily relays user input to the database that is vulnerable to injection. Just write your code correctly. It is called validation. Validate the data you receive before anything is added to the database. And when you do write to the database, write the validated data only, not data that was given to you by the end-user.

Also, security through obscurity has its merits as well. So don’t post your code here or anywhere else. Come up with a clever system and don’t tell anyone how you do it.

Ignore and log any malformed data communications to your server side script. Have the code email yourself when this happens. And when you do receive an invalid navigation, return a random value in the expected return form to keep hackers thinking that they are getting somewhere.

What if they’re not trying to inject code but just untrue, yet valid data? i.e. cheating

I’m not really thinking about Eve and Mallory getting in the way of Alice’s enjoyment of playing with Bob, more about Alice playing herself (ahem!).

As to the general system vulnerabilities and notion of security through obscurity, 1) it just makes it more fun, 2) in this case at least the client needs to be distributed so there is either scripted code in the plain, basically compiled executable to decompile or the same but obfuscated (may I recommend the Secure Programming Cookbook for some techniques.) 3) even if the client application is secure there is network data to analyse, which yes may be encrypted easily enough, but because it’s Alice wearing Eve’s mask she also technically has access to her part of the keys, (even if it wasn’t Alice then technically it’s still possible negating time allowances).

Where am I going, what am I suggesting, well currently I’m not… If I was, I’d say at this point don’t worry too much and just get the system working, you can always encrypt the packet stream later.

Also when it comes down to encrypting data, there aren’t too many options and even fewer options when it comes to public key algorithms, but what really does matter is the protocol implementation. For anyone remotely interested in all of this type of stuff I’d recommend this light introduction (674 pages prior references and index) Applied Cryptography to give you a basic grounding in concepts, protocols and algorithms.

In the end if it’s seriously worthwhile either pay for a company like Punk Buster or just rely on the community and trusted moderators.

Footnote, most cheating can be spotted by analysing stats for erroneous and implausible data.

But here’s what I can’t wrap my head around.

If you’re saying do all your “validation” server side, SOMETHING has to be done client side to verify? And at that point they can gander in the python code and duplicate the client side validation and send data to the server for further validation.

If you’re just sending a value to the server how are you supposed to validate that?

Think of it as similar to logging into a website, you send your username and password to the server, it logs some details about your connection and sends you back a session key which the client sends back with every communication from then on.
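The login-then-session-key flow described above, combined with the server-side validation and plausibility checks suggested earlier in the thread, as an added example that is not part of the original thread. In-memory SQLite stands in for MySQL, and the account, limits and function names are assumptions.

```python
import hashlib
import secrets
import sqlite3
import time

# Assumptions, not from the thread: SQLite in memory stands in for MySQL, and
# MAX_POINTS_PER_SECOND / SESSION_TTL are made-up limits for a hypothetical game.
MAX_POINTS_PER_SECOND = 50
SESSION_TTL = 3600

db = sqlite3.connect(":memory:")  # the DB connection exists only on the server
db.execute("CREATE TABLE scores (player TEXT, score INTEGER)")
sessions = {}  # token -> (player, issued_at)


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


SALT = b"constructed-salt"  # constructed sample account, one salt for brevity
USERS = {"alice@example.com": _hash("constructed-password", SALT)}


def login(email, password):
    """Return a random session token, or None if the credentials are wrong."""
    stored = USERS.get(email)
    if stored is None or not secrets.compare_digest(stored, _hash(password, SALT)):
        return None
    token = secrets.token_urlsafe(32)
    sessions[token] = (email, time.time())
    return token


def submit_score(token, score, now=None):
    """Validate a score server-side; the client never sees DB credentials."""
    session = sessions.get(token)
    now = time.time() if now is None else now
    if session is None or now - session[1] > SESSION_TTL:
        return "no-session"
    if not isinstance(score, int) or isinstance(score, bool) or score < 0:
        return "invalid"
    # Plausibility check against time measured by the server, not the client.
    if score > (now - session[1]) * MAX_POINTS_PER_SECOND:
        return "implausible"
    player = session[0]  # identity comes from the session, not the request
    db.execute("INSERT INTO scores VALUES (?, ?)", (player, score))  # bound parameters
    return "ok"
```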

@Killer:
I see your point. Perhaps you could simply import a python script, but not supply the .py file with your distribution? Just supply the .pyc file. Which is a compiled python file. Put your secret data transport code into that file.

I am not aware of a python decompiler? Are you? Maybe it exists. But it would be the equivalent of your Method Two mentioned in the first post, but you could just remain in python and not need C.

Python byte code isn’t very safe, it’s only intermediary portable code and there are disassemblers available…


http://www.gossamer-threads.com/lists/python/dev/679867

Just by doing a quick search:


I found a list of the commands:
http://docs.python.org/library/dis.html#bytecodes
(Basically a simpler form of ASM)
With that page I could write a simple decompiler quite quickly, hmmm, I’d probably use Python to do it too!

Yes, I’ve compiled python files to pyc in the past. It’s pretty much just compressed, not really compiled. Compiled C code is much safer.

Not really much more so…

You need to use obfuscation.

For example make a small C / C++ program with a password stored in a standard character array and then run ‘strings’ on it.

The strings program generally comes as standard with *nix, and here is a version for Windows, not that I’ve tried that one…
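Why neither a .pyc nor a plain character array hides a credential, as an added example that is not part of the original thread: string constants survive compilation verbatim, both as raw bytes and as entries in the code object. The sample module, its names and its values are constructed.

```python
import marshal
import types

# Constructed sample: the kind of module someone might ship as a .pyc only.
SAMPLE_SOURCE = '''
DB_USER = "scoreboard"
def connect():
    password = "constructed-secret-123"
    return ("db.example.invalid", DB_USER, password)
'''


def compile_like_pyc(source):
    """Return the marshalled code object, i.e. a .pyc body without its header."""
    return marshal.dumps(compile(source, "netcode.py", "exec"))


def string_constants(code):
    """Recursively collect every str constant stored in a code object."""
    found = []
    for const in code.co_consts:
        if isinstance(const, str):
            found.append(const)
        elif isinstance(const, types.CodeType):
            found.extend(string_constants(const))  # nested functions/classes
        elif isinstance(const, (tuple, frozenset)):
            found.extend(c for c in const if isinstance(c, str))
    return found


def strings_in_pyc_body(blob):
    """Load the marshalled body back and list its string constants."""
    return string_constants(marshal.loads(blob))


def visible_as_raw_bytes(blob, text):
    """True if the text sits unmodified in the file, as `strings` would show it."""
    return text.encode("ascii") in blob
```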