Database Security

Posted by Glen on Aug. 25, 2010, 1:24 p.m.

Is a database controlled by .ini files a big risk? With websites, of course. I'm just questioning the main advantages of going with mysql. I'm starting to need values saved and retrieved in my current website and I find .ini files easy to work with, but I'm wanting to learn mysql as well. But yeah, for things like download counters, rating systems, and login systems.

I've tried talking to people on website forums, but no one is ever active on those things and to be honest, I find more help from 64d with every problem I have whether it be game design or deciding what to eat. You guys are always a big help to me. I appreciate it. So if anyone can help me out here with a few new systems, let me know. Currently I use .ini files because that's what I was familiar with. I used .ini files in game maker all the time for stuff like this. But now I'm wondering if it's "that bad" of a thing to approach my website needs with the same strategy.

Comments

Josea 14 years, 2 months ago

Quote:
What makes the database so much better? Other than password protection.
There's much more to databases than simply storing data on whatever data structure you like. Let's keep this short: a database system offers you a secure, efficient and abstract way to store and retrieve data. And guess what, it's done already!

Definitely don't waste time trying to make your own database system, which would be extremely inefficient and limited; instead use a database system such as mysql or postgresql. Heck, since you're on the website development thing, I would suggest getting a nice framework so you can simplify things further.

True Valhalla 14 years, 2 months ago

With Myriad Online, we're transitioning to MySQL now. This is mostly so that our website can interact with player files (so players can view and compare stats of others through the website). But mostly, it's just for professionalism. INIs are easy to work with, and to be honest not visibly slow even with 2000 of them, but a proper database just feels more professional.

firestormx 14 years, 2 months ago

Aside from the security, speed, etc, the biggest thing you'll find is ease of use.

Like Josea said, don't waste time building your own database engine. SQL is, as the name says, a language of its own that does almost everything for you.

It will search the database, read/write to it, sort the results, easily cross reference tables…

Say you have a site like 64D, where you can download games, and you want to find "top quality games", which are rated 7/10 and up or something.

You could write something that reads your ini file that lists every single game, puts it into an array, iterates through the whole array to filter out any low-rated games, and reorders the list so 10/10 is at the top of the list of games.

Obviously, that's pretty intensive on the server, and quite a bit to code.

You could further develop ways to make this more efficient, i.e. create multiple ini files with the same data, but sorted differently (sorted by rating, sorted by name, sorted by file size, etc.) so there's less processing on demand.

OR, you could write an SQL statement like this:

SELECT * FROM games WHERE rating>=7 ORDER BY rating DESC

We don't have to get in depth about how mysql is more efficient and stuff (which it is), and there are ways you can make it even more efficient with the table structures, but flat out, the best reason that mysql is better than text files is the ease of use.

And it's really VERY simple to use, especially since PHP has a whole library to work with mysql. It just takes a few hours of reading and some toying with it to get it down pat.
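The two approaches firestormx contrasts, side by side, as an added example that is not part of the original thread: the INI route parses every record and filters and sorts in application code, while the SQL route hands the same records to the engine and asks for the "top quality games" with one statement. The sample games are constructed, and sqlite3 is assumed as an in-process stand-in for MySQL so it runs offline (MySQL's Python driver uses `%s` placeholders where sqlite3 uses `?`).

```python
import configparser
import sqlite3

# Constructed sample data: one section per game, the shape of the
# per-game .ini records the thread is talking about.
GAMES_INI = """
[blocks]
name = Blocks
rating = 9
[dash]
name = Dash
rating = 6
[orbit]
name = Orbit
rating = 10
[pong]
name = Pong
rating = 7
"""

def load_ini(ini_text):
    """Parse the INI text into (name, rating) pairs."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    return [(cfg.get(s, "name"), cfg.getint(s, "rating")) for s in cfg.sections()]

def top_games_from_ini(ini_text, min_rating=7):
    """The INI route: read everything, filter in Python, then sort so 10/10 is first."""
    kept = [g for g in load_ini(ini_text) if g[1] >= min_rating]
    kept.sort(key=lambda g: g[1], reverse=True)
    return kept

def top_games_from_sql(ini_text, min_rating=7):
    """The SQL route: load the same records into a table and let the engine
    filter and sort. The threshold is passed as a bound parameter rather than
    pasted into the statement, so a value that came from a web form can only
    ever be compared as a number, never interpreted as SQL."""
    con = sqlite3.connect(":memory:")  # assumption: sqlite3 standing in for MySQL
    con.execute("CREATE TABLE games (name TEXT, rating INTEGER)")
    con.executemany("INSERT INTO games VALUES (?, ?)", load_ini(ini_text))
    rows = con.execute(
        "SELECT name, rating FROM games WHERE rating >= ? ORDER BY rating DESC",
        (min_rating,),
    ).fetchall()
    con.close()
    return rows
```

Both functions return the same list for the same input; the difference is that the SQL version stays one line as the data grows, while the INI version's loop and sort grow with the file.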

Josea 14 years, 2 months ago

Quote:
and to be honest not visibly slow even with 2000 of them
That is utterly irrelevant. I could have 2k files with a single record in each, then everyone would laugh because 2k is such a small number in computing terms. Now if you were talking about how much data you actually put there…

True Valhalla 14 years, 2 months ago

Fine, I was lazy. Each file had around 8Kb of data. Happy?

blackhole 14 years, 2 months ago

MySQL is designed to handle MILLIONS if not BILLIONS of records, and pull the data in a matter of milliseconds. 8000 is nothing. In order to even begin to compete with MySQL you'd have to write an extremely advanced INI database system. Or you could just use MySQL.

Juju 14 years, 2 months ago

I think the point here is that he's not trying to compete, he's trying to have a system that's adequate.

Might as well use MySQL anyway.

Glen 14 years, 2 months ago

Okay, so I started using mysql today. I managed to get a working download counter. Now I'm working on sorting files by categories. It's not as hard as I thought it would be. So far so good.

sirxemic 14 years, 2 months ago

Quote:
It's not as hard as I thought it would be.
After all, MySQL exists to do lots of stuff easily.

Glen 14 years, 2 months ago

When doing categories, would it be smart to make a different table for each category? Or is there an easier way?