Like many of the users here, I have game servers and a web server with you. Like many, I also run Sourcebans using these two services. There is one major flaw with the MySQL, which is what I like to call a dummy switch. The switch allows access for anyone with the username and password to edit the database no matter their IP.
This can be very dangerous if you allow other people access to other servers. Now I know the first answer is don't allow people at all or don't allow people you don't trust access to the game server. Well, the first one isn't practical in larger groups, so that's a silly answer, and the second is just plain hard; people can snap and turn on you in an instant. Sourcebans is a widely used thing in source communities and is built up over time and it's sad to know someone could wipe it in an instant of pure rage.
Another issue is if you allow access to one, you allow access to all. Since I run a sourcebans for my servers, I am unable to run anything personal knowing other people have access to MySQL.
I suggest you change it so you specify IPs that are allowed to access the MySQL which in turn would fix both my problems.
I'm sorry to say but the current system isn't secure by any means.
MySQL is insecure
Re: MySQL is insecure
I appreciate the feedback that you'd prefer access to be locked down per IP address. However, this would not resolve your concern. If you've granted someone access to view and edit your game server files, they also can access the database through game server plugins, which would get past the IP address limitation.
Different logins for different databases would be an actual workaround, but that's a feature that we have not implemented, partially because our current price points are not compatible with many users sharing a webspace. The very low price also facilitates giving each user his or her own space.
The best solution for your trust issue, as the situation currently stands, would be for you to separate game server functions from personal/group website functions by using separate webhosting for each site/task. The fact that webhosting is free with regular game servers makes this very practical.
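Added example, not part of the original thread and not the host's configuration: how the two ideas discussed above (restricting a login to an IP address, and separate logins per database) are expressed in MySQL on a server you administer yourself. All database names, account names, addresses and passwords are constructed placeholders, and the privilege list given to the ban-system accounts is an assumption.

```sql
-- Pattern described in the first post, shown commented out for comparison:
-- one shared login, valid from any host ('%'), with rights on every database.
--   CREATE USER 'shared'@'%' IDENTIFIED BY 'REPLACE_ME';
--   GRANT ALL PRIVILEGES ON *.* TO 'shared'@'%';

-- Separate databases for the ban system and for personal use (placeholder names).
CREATE DATABASE IF NOT EXISTS sourcebans;
CREATE DATABASE IF NOT EXISTS personal_site;

-- One account per game server, bound to that server's address.
-- 203.0.113.0/24 is a documentation range; substitute the real server IPs.
CREATE USER 'sb_game1'@'203.0.113.10' IDENTIFIED BY 'REPLACE_ME_1';
CREATE USER 'sb_game2'@'203.0.113.11' IDENTIFIED BY 'REPLACE_ME_2';

-- Row-level rights on the ban database only: no DROP, ALTER or GRANT OPTION,
-- and nothing on personal_site. (Assumed to be enough for the plugin.)
GRANT SELECT, INSERT, UPDATE, DELETE ON sourcebans.* TO 'sb_game1'@'203.0.113.10';
GRANT SELECT, INSERT, UPDATE, DELETE ON sourcebans.* TO 'sb_game2'@'203.0.113.11';

-- The web panel connects locally with its own account.
CREATE USER 'sb_web'@'localhost' IDENTIFIED BY 'REPLACE_ME_3';
GRANT SELECT, INSERT, UPDATE, DELETE ON sourcebans.* TO 'sb_web'@'localhost';

-- Personal data uses a login that is never stored in game server files.
CREATE USER 'personal'@'localhost' IDENTIFIED BY 'REPLACE_ME_4';
GRANT ALL PRIVILEGES ON personal_site.* TO 'personal'@'localhost';

-- Audit: any row returned here is an account that can log in from any address.
SELECT user, host FROM mysql.user WHERE host = '%';

-- Audit: confirm a game server account sees only the ban database.
SHOW GRANTS FOR 'sb_game1'@'203.0.113.10';

-- Caveat raised in the reply above: a plugin running on the game server
-- connects from the allowed address with the stored credentials, so the host
-- restriction does not stop someone who can edit that server's files.
-- The per-database grant limits what that person can reach, and DELETE
-- still lets them remove rows in sourcebans.
```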
Re: MySQL is insecure
I understand your point about the plugins, but at that point if someone can code PAWNS like that, I'm in trouble anyway, and I know coding PAWNs like that is much more difficult for someone than just randomly using a MySQL Client.
One of your solutions doesn't help people like me that have Managed VDS; I don't get that same offer. Otherwise I'd have it on one for the free webhosts.
Re: MySQL is insecure
SWAT wrote: I understand your point about the plugins, but at that point if someone can code PAWNS like that, I'm in trouble anyway, and I know coding PAWNs like that is much more difficult for someone than just randomly using a MySQL Client.
One of your solutions doesn't help people like me that have Managed VDS; I don't get that same offer. Otherwise I'd have it on one for the free webhosts.

Edge100x also mentioned that the price point was low enough that picking up some more webspace would also be a good option if you are worried about privacy.
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!