0

I have a C# script attached to Unity that accesses data from a MySql database. On the database, I can put directory privacy to add extra protection to certain databases additional to the user password. Will my C# script be blocked from that directory privacy without the password? I would like extra privacy so that is hackers disassemble my program, they can't access and change my database without the other password.

CompuGenuis Programs
  • 409
  • 5
  • 15
  • 2
    Don't place mysql's username and password in the client.. Make a client/server application where the server knows the mysql username and password and let the client request the server and get information from mysql with some kind of data protocol. – Raymond Nijland Oct 02 '18 at 21:34
  • @RaymondNijland Can you please give me a link to where I can learn this? – CompuGenuis Programs Oct 02 '18 at 21:41
  • @RaymondNijland Also, the C# script itself connects to the database. – CompuGenuis Programs Oct 02 '18 at 21:47
  • 1
    I believe you asked this question yesterday and were told to only communicate with the database from your server but I will say it again. Unity app makes connection to your server (not database). The request is made with a form with user info. The server, mostly coded in php script will then check the form, connect to your database, retrieve data and send result back to Unity. See [this](https://stackoverflow.com/a/39140295/3785314) for example communication between C# and php and database. For authorization, I suggest you implement the *OAuth 2.0 protocol* or use exiting libraries. – Programmer Oct 02 '18 at 21:53

1 Answers1

0

Welcome to Stack Overflow.

MySQL, as I'm sure you know, is a client-server rig. Your C# code embedded in Unity will access the data not by reading MySQL's data files directly from some directory on your user's file system. Rather, your code will establish a connection to the MySQL database server and use that connection to retrieve stuff.

To open that connection, your C# code needs a username and password on the MySQL server. At connection open time, your code passes that information to the MySQL server, and the MySQL server accepts it if it is valide.

Therefore, the only software on your machine that needs direct access to MySQL's files (in the file system) is the MySQL server (often called mysqld, and on Windows the MySQL service). I believe you mean, by directory privacy, security settings on the directory holding MySQL's files. Don't access those files directly! If your C# program reads those files directly, you will have an absurdly difficult time making sense of their contents. If you write them directly, you will trash your database.

MySQL, and postgreSQL, and SQL Server, and the rest of the client-server DBMS rigs, are generally used when several users need to share a single database.

You may want to investigate using SQLlite if you're creating local single-user tables. You can build it right into your program rather than running it as a separate daemon or service. In that case, the SQLlite library in your program reads the database files directly and you'll need to think about security settings on those directories.

O. Jones
  • 103,626
  • 17
  • 118
  • 172
  • I am new to MySql +C#. I want my script to access data, yet I don't want hackers to be able to edit that database of the decompile my code and get the server, user, and password. I want to know if I can add a password that C# script don't need, yet everything else does. It's this possible? – CompuGenuis Programs Oct 03 '18 at 00:23
  • Your C# code can have its own username / password. You can restrict access to that username/password to `localhost` if you want. You probably won't have actual code in your database tables, just, well, data. With respect, you should work out your system block diagram carefully; the stuff you have explained about database protection doesn't really make sense. – O. Jones Oct 03 '18 at 13:58