MySQL - How to be safe?

Discussion in 'Plugin Development' started by mike0631, Dec 26, 2013.

Thread Status:
Not open for further replies.
  1. Offline

    mike0631

    Hi,

    So I'm having an issue, I want to have one global database for the plugin.
    How can I protect the MySQL credentials from people that decompile the plugin?
     
  2. Offline

    DixieCrafting

    I'm not sure if you can protect it properly.

    There are always (almost) ways to retrieve a certain thing even if they are protected.

    But on the other hand, it also depends on what you want to protect.

    If it's a database for passwords, you can protect the passwords with some hash algorithm like SHA256 or MD5 and put some "salt" on the hashes.

    What exactly do you want to protect?
     
  3. Offline

    aredherring

    Don't put MySQL credentials in the plugin.
    What you should be looking at using in this circumstance is something called public key cryptography.

    You could alternatively make a web api and have the plugin communicate with that api instead.
    This also has the added benefit of still working if you decide to stop using MySQL.
     
  4. Offline

    mike0631

    I want to protect the MySQL credentials.
    The code part of it.

    Yeah, I think that we're going to make a web api.

    I use compass navigation and chest-commands but I don't know how I can make it so people can have a compass from the time they join, even when they die, or any other item (for chest commands) like a d sword when they join a game in hunger games so they can choose their kit.
    Thanks in advance.

    Anyone please?
     
  5. Offline

    AndyMcB1

    timtower understands reflection.
     
  6. Online

    timtower Administrator Moderator

    Put it into the config?
     
  7. Offline

    DixieCrafting

    Your best choice is probably to make a web API, but even that can be hacked if your website has shit security.
     
  8. Only thing I can think of is that you use PHP to execute the queries and print the results in HTML. You might want to authenticate the server though, maybe using a key that is unique for every server and have that as a POST variable, as well as the name and IP of the server, as those 3 should be the primary key.
     
  9. Offline

    LucasEmanuel

    Write a basic PHP-script that receives the data you send to it and puts it in the database. I recommend that you use encryption to protect the data; in this case you want to look at public-key encryption.

    Basically:
    1. Your plugin collects the data that has to be sent.
    2. It then encrypts said data using the public key.
    3. It sends the data to the PHP-script.
    4. The PHP-script decrypts the data using the masterkey.
    5. The script saves the data in the database.
    For an example:
    I created a plugin called "Register" that allowed players to register to the community forum by using a command inside minecraft. This allowed the owners of the community to disable the ordinary registration-function on their website and forced the players to register inside Minecraft. By doing so, the admins and such could be 100% sure that whoever used the forum used the exact same name as their Minecraft-account.
    You can find the sourcecode for it here:
    https://github.com/Chilinot/Register/tree/master/src/main/java/me/lucasemanuel/register
    It basically does everything I listed above, except that it uses AES-128 encryption to protect the data and not public-key.
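
The five steps listed in post 9, as an added example that is not part of the thread or of the Register plugin (which the post says uses AES-128). It assumes RSA-OAEP wrapping a per-message AES-GCM key, since RSA alone cannot encrypt arbitrary-length data, and writes the receiving side in Java as a stand-in for the PHP script; the class and method names are hypothetical. Encrypting to a public key hides the data but does not identify the sender, so a per-server key as suggested in post 8 is still needed for authentication.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added example: hybrid public-key encryption for the plugin -> script flow.
public class SealedReport {
    private static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Pin the OAEP parameters explicitly; provider defaults for MGF1 differ.
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    /** Plugin side (steps 1-3): only the public key ships in the jar. */
    static byte[][] seal(PublicKey pub, byte[] data) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aes = kg.generateKey();           // fresh key per message
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);           // fresh 96-bit GCM nonce
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        byte[] body = gcm.doFinal(data);            // ciphertext plus auth tag
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.ENCRYPT_MODE, pub, OAEP);
        return new byte[][] { rsa.doFinal(aes.getEncoded()), iv, body };
    }

    /** Receiving side (step 4): the private key never leaves the web host. */
    static byte[] open(PrivateKey priv, byte[][] msg) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.DECRYPT_MODE, priv, OAEP);
        SecretKey aes = new SecretKeySpec(rsa.doFinal(msg[0]), "AES");
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, aes, new GCMParameterSpec(128, msg[1]));
        return gcm.doFinal(msg[2]);                 // throws AEADBadTagException if altered
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();         // constructed demo key pair
        byte[] data = "player=Steve;action=register".getBytes(StandardCharsets.UTF_8); // constructed
        byte[][] msg = seal(kp.getPublic(), data);
        System.out.println("round trip ok: " + Arrays.equals(data, open(kp.getPrivate(), msg)));
        msg[2][0] ^= 1;                             // flip one ciphertext bit
        try { open(kp.getPrivate(), msg); System.out.println("tamper accepted"); }
        catch (AEADBadTagException e) { System.out.println("tamper rejected"); }
    }
}
```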
     