直接或通过客户端服务器服务连接到SQL数据库 [英] Connecting to SQL database directly or through a client-server service
问题描述
您好,我目前正在使用c#xna创建游戏,并将允许用户使用某种个人资料系统。这样他们就可以创建帐户,登录视图配置文件,成就等。
Hi i'm currently creating a game using c# xna and will be allowing users to have some sort of profile system. So they can create account, sign-in view profile, achievements etc.
在测试的过程中,我正在使用SQL Server Express的本地实例。在测试中这很好,但是在创建最终产品时,可以简单地更改连接字符串以连接到远程可公开访问的SQL Server,否则会带来安全隐患。
While I am testing this I am using a local instance of SQL Server Express. In testing this is fine, however when creating the finished product is it ok to simply change the connection strings to connect to a remote publicly accessible SQL server or would this have security implications.
例如有人可以通过程序找到SQL Server的用户名/密码,然后手动连接并造成严重破坏吗?
Could someone for example be able to find out the user-name / password for the SQL server through the program and then connect manually and wreak havoc?
我应该改为是否希望连接到代表我的客户端程序查询数据库的服务器端应用程序,以防止客户端直接访问我的数据库?或者这是不必要的抽象吗?
Should I instead be looking to connect to a server side application which queries the database on behalf of my client side program to prevent the client side directly accessing my database or is this an unnecessary abstraction?
推荐答案
由于安全方面的考虑,最好是连接到服务器端应用程序,而不是直接将程序连接到数据库。
Due to security concerns connecting to a server side application would be best instead of having the program directly connect to the database.
首先,通常认为SQL Server在公共Internet上开放安全性很差,因为它有许多远程利用方法。
First, putting a SQL Server out open on the public Internet is generally considered poor security as there have been a number of remote exploits for it.
第二,通常很难或不可行的是限制每个用户的数据库访问。创建单个数据库帐户通常是不实际的,因此所有用户都使用一个帐户来连接数据库。这个单一帐户需要对数据库的大量访问权限才能执行必要的功能,这意味着它也可以用于对数据库执行任意恶意查询。一种温和的可能性是 UPDATE高分SET得分= 1000000000 WHERE user_id =<我的用户ID> 。我已经看到了一些学校管理系统,这些系统通过对所有用户使用默认的数据库管理员用户名和密码来实现,并通过网络以明文形式发送。这些不是面向公众的,这只会使情况稍微好一些。
Second, in general it is difficult or not feasible to limit database access for each user. Creating individual database accounts is typically not practical so a single account is used for all users to connect to the database. This single account needs a lot of access to the database to perform the necessary functions which means it can also be used to execute arbitrary malicious queries against the database. One gentle possibility is UPDATE highscores SET score = 1000000000 WHERE user_id = <my user id>. I have seen a few school administration systems implemented by using the default database admin username and password for all users and which was sent in plaintext over the network. These were not public facing which made it only slightly better.
与此有关的一些其他问题是:
Some additional questions related to this are:
- connect sql server 2005/2008 over internet
- Client Access to SQL Server over the Internet
这篇关于直接或通过客户端服务器服务连接到SQL数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
