Re: [AD] Arcane Realms Snippets

From: Welcor (
Date: 03/09/02

From: "Artovil" <artovil@ARCANEREALMS.ORG>
> If any of you guys are interested in what we've done with MySQL at Arcane
> Realms, among other things, you are welcome to visit our snippet
> archive.  If any of you gurus out there (you know who you are, and yes,
> especially you Peter, George, and Daniel) would want to check it for
> leaks, serious bugs, and just flaws in coding, please do so, since I am
> a very good C programmer after all.  I just do it for the hell of it,
> memory or no memory. ;)
Well, I'm neither Peter, George nor Daniel, but I checked out the link
and I noticed this in the my_sql section:

/* snip */
/* MySQL database settings */
#define MYSQL_HOST      "localhost"     // database server name
#define MYSQL_DB        "YOUR_DATABASE" // database name
#define MYSQL_USERID "YOUR_USERNAME"    // database user id
#define MYSQL_PASSWD "YOUR_PASSWORD"    // userid password
/* snip */

Is it just me being paranoid, or is this a bit unsafe ?
My approach would be quite different, encrypting the password,
and storing it in encrypted form in a file on disk. If the
file didn't exist (ie. first time the mud is run), it will
query for username and password, verify that they work, and
write them, encrypted, to a file, much the same way
mud passwords are stored when using ASCII pfiles. If it did
exist, load the file, parse the user name and password, and
decrypt it, _then_ log on to the database.

This would prevent someone with read rights to either your
source files (or your binary) from breaking into your database,
since neither place would have a clear text password in them.


   | FAQ: |
   | Archives: |
   | Newbie List:   |

This archive was generated by hypermail 2b30 : 06/25/03 PDT