Search Unity

  1. Unity 2019.1 beta is now available.
    Dismiss Notice
  2. The Unity Pro & Visual Studio Professional Bundle gives you the tools you need to develop faster & collaborate more efficiently. Learn more.
    Dismiss Notice
  3. We're looking for insight from anyone who has experience with game testing to help us better Unity. Take our survey here. If chosen to participate you'll be entered into a sweepstake to win an Amazon gift card.
    Dismiss Notice
  4. Want to provide direct feedback to the Unity team? Join the Unity Advisory Panel.
    Dismiss Notice
  5. Unity 2018.3 is now released.
    Dismiss Notice
  6. Improve your Unity skills with a certified instructor in a private, interactive classroom. Watch the overview now.
    Dismiss Notice

Security with database

Discussion in 'Connected Games' started by electro_unity, Feb 11, 2019.

  1. electro_unity

    electro_unity

    Joined:
    Nov 29, 2015
    Posts:
    33
    Hi, I am implementing a database on my project. Any ideas where can I look to learn about security (for passwords)?
     
  2. LukeDawn

    LukeDawn

    Joined:
    Nov 10, 2016
    Posts:
    266
    What sort of database? Is it hosted on the same box as your project? How is the data passed to end-users?
     
  3. electro_unity

    electro_unity

    Joined:
    Nov 29, 2015
    Posts:
    33
    The database should contain information relative to the user as well as its username and password. It should be hosted on a server. So the unity application should be able to write/read from the database.
     
  4. aabramychev

    aabramychev

    Unity Technologies

    Joined:
    Jul 17, 2012
    Posts:
    569
  5. LukeDawn

    LukeDawn

    Joined:
    Nov 10, 2016
    Posts:
    266
    Yep, storing passwords you want one way salted encryption, and definitely not MD5 as hash tables for popular passwords are easy to find.

    You also don't want an end-user app being able to access the db directly, as it would contain the info for accessing the db. Ideally, the app used by end-users would connect to a server on the same box as the db, and do the db access, passing resultant data back to the end-user app.
     
    electro_unity likes this.