Hello, I’ve read that having your project connect to a MySQL server directly is un-secure, but I am wondering if it is still un-secure if you make the server enter the db connection info at server start (Like in a GUI) so that the connection info is not built directly into the game. I’m basically wanting to serve a game on my local machine, and use a local MySQL database. Basically what i’m wondering is if the clients dont have my database connection information, is there any way that they could get it just by being connected to my server?
A common way to address this is to write a server-side script (eg in php) that takes a form submitted to it, looks for key-value pairs, sanitises the values to protect against SQL injection and invalid data, and only then inserts or updates records in the database (or returns an error that your game should handle, eg invalid data like health being negative, etc).
You might also want to encrypt the data sent, to help prevent arbitrary form submissions not from your game. But I’d only do that if your game gets popular enough to make that a reasonable risk.