Thread: Running SQL queries server side with C++?

  1. #1
    Registered User taelmx's Avatar
    Join Date
    Oct 2006
    Location
    Japan
    Posts
    55

    Running SQL queries server side with C++?

    I have an SQL database and want to make an MMORPG. The base of it would be the network. I was wondering if there were any ways of communicating with the database without having and vulnerbilities......I don't want to have any hacking here.

  2. #2
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    Sure. Have your code and server setup security-reviewed and pay those doing the review several grand per day.
    Security holes are nothing that is inherent to having a server. It's always programming or configuration errors that result in security holes. You need to avoid these: by knowing the dangers, coding in a way that reduces them, coding very carefully, testing your code and have your code looked at and tested by others.
    The two main threats are typically buffer overflows and SQL injection, because they're so easily opened.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  3. #3
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    If you restrict all communications to the database server to your game server you are already increasing your security level a notch. After that, anything goes. Malformed queries (known as SQL Injection) will be one of your main concerns. Read about them somewhere on the web and code to protect yourself. Do not trust users will send requests to your game server through their game client even if you have the perfect system. Restricting access to the database server alone will also handle most of your time (albeit this is not so much a programming issue, but a database server issue).

    EDIT: Oh and Denial of Service attacks. Every bug in your code is a potential DOS. Even if it doesn't allow access to your server system, it has the capacity of shutting the game down.
    Last edited by Mario F.; 10-10-2006 at 08:01 PM.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. SQL Server 2005 using C
    By dunxton in forum C Programming
    Replies: 0
    Last Post: 02-22-2009, 10:57 PM
  2. Connecting to a SQL Server to do simple stuff
    By GDR92 in forum C Programming
    Replies: 4
    Last Post: 01-07-2009, 07:56 AM
  3. multithreading question
    By ichijoji in forum C++ Programming
    Replies: 7
    Last Post: 04-12-2005, 10:59 PM
  4. Server Client Messaging Program
    By X PaYnE X in forum Networking/Device Communication
    Replies: 3
    Last Post: 01-04-2004, 05:20 PM
  5. Replies: 1
    Last Post: 01-07-2002, 12:17 PM