Can I connect to IFastNet database with a Python script located on browser?

iFastNet supports remote database connections. So what you want is possible.

Whether it’s a good idea is debatable of course, database connections are notoriously sensitive to latency, and having your game interact directly with the database makes it very hard to do any authorization checks and validation to prevent unauthorized changes to the database content. If this is just an experiment, it will work, but you may want to stick a PHP application in between to make sure that no undesired changes are made to the database.

6 Likes

I mean… I know who the players are : i will get their IP and enter it in remote SQL then.
But you mean that the game will lag?

It will certainly be slower than if the game and database were to be in the same building.

7 Likes

I do not recommend connecting to the database directly at all, definitely use an API in order to fetch data from it for your game.
Otherwise unauthorized access to the database is granted by someone who is able to either view the source code of your game or reverse engineer it :upside_down_face:

6 Likes

Do you have a better solution to make a network game with Python? I tried Socket but it is not very easy to use and lots of bugs occurred.
Still, the account will be linked but maybe ingame info can be fetched by another way

How you decide to prevent botting is up to you, however a harder but better solution such as making use of socket is safer than just exposing the database credentials for the sake of picking the easier way.

6 Likes

The game won’t be on platforms like Steam or Play Store and will be exclusively downloadable on my website, only by people who created an account and whom I verified manually, since the game is meant to stay between friends.
So basically all that matters now is lag.

If you trust friends enough for it then go for it. But there is the possibility of someone else getting it.

6 Likes

Will the update of the SQL database take long enough to create lag, according to you?

It depends on how many users are accessing the database.

3 Likes

is 10 max fine?

It depends on how you optimize it and how many times you access it, I cannot say much about it.

4 Likes

oh ok a lot i guess

It depends on the type of game. Many games have a centralized, online service that’s responsible for things like matchmaking, scoreboards, profiles and so on, and use peer to peer connections for ephemeral information like in-session movements and actions. How much you have of each depends on the type of game.

Having the visitor’s browsers connect directly to the database is a really bad idea. Database access permissions are not very fine grained. You can determine whether a database user can write to the user_profiles table, for example, but then they can update everything in that table, not just their own profile. You need additional logic on the server side to prevent that from happening, which plain MySQL permissions just cannot do.

And if you now think “but I have checks for that in my game”, remember that to make the database connections work, you have to distribute database credentials along with the game code. That means that these credentials can be obtained from the client.

That’s why it’s customary to have a server side application that implements the necessary logic to only allow players to see and edit the things they should be seeing and editing. With a HTTP (REST) API to access that functionality from the client.

7 Likes
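The server-side check described in the post above, as an added example that is not part of the original thread. It assumes an in-memory `sqlite3` database standing in for the hosted MySQL one; the `sessions` table and the function names are hypothetical, and the password check at login is left out.

```python
import secrets
import sqlite3

def make_db():
    """Constructed sample data: two players and an empty session table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE user_profiles (user_id INTEGER PRIMARY KEY, name TEXT, bio TEXT);
        CREATE TABLE sessions (token TEXT PRIMARY KEY, user_id INTEGER);
        INSERT INTO user_profiles VALUES (1, 'alice', ''), (2, 'bob', '');
    """)
    return conn

def login(conn, user_id):
    """Issue an unguessable session token (password verification omitted here)."""
    token = secrets.token_urlsafe(32)
    conn.execute("INSERT INTO sessions VALUES (?, ?)", (token, user_id))
    return token

def update_bio(conn, token, target_user_id, bio):
    """Logic behind a hypothetical profile endpoint; returns an HTTP-style status.

    The caller's identity is looked up from the server-side session table,
    never taken from a field the game client sends, and the database
    credentials never leave the server.
    """
    row = conn.execute(
        "SELECT user_id FROM sessions WHERE token = ?", (token,)).fetchone()
    if row is None:
        return 401  # unknown session: not logged in
    if row[0] != target_user_id:
        return 403  # logged in, but this is someone else's profile
    if len(bio) > 200:
        return 400  # validation that a plain table-level grant cannot express
    conn.execute("UPDATE user_profiles SET bio = ? WHERE user_id = ?",
                 (bio, target_user_id))
    return 200

def bio_of(conn, user_id):
    """Read back one profile's bio."""
    return conn.execute("SELECT bio FROM user_profiles WHERE user_id = ?",
                        (user_id,)).fetchone()[0]
```

A MySQL `UPDATE` grant on `user_profiles` would have allowed the second write; the row-level decision exists only because this code runs on the server.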

What I would like is that people can see leaderboards, friends, and more on the website by connecting their account, so ingame info must be linked so now i dont really know what to do.
For ingame information like movements and everything i tried socket but it is very chaotic…

Then you would usually have a server side application to handle it. Our hosting isn’t suitable for that either due to limitations, but premium hosting could be used. You can either write the server application in PHP, or also write it in Python using a web framework like Django, Flask or FastAPI. Especially Django makes it quite easy to write basic CRUD functionality for your database with a lot more security.

With things like movement information, the most important thing you need is that it should be low latency. Nobody likes a laggy game where the movement of other players is delayed a lot.

Sending the data directly from client to client is how it’s done most commonly I think, but you could also relay the information through a server. Regardless, I think you’ll need some way to push data to the client with state updates, which a relational database doesn’t do well. Websockets are one way to do it which can be hosted on a web hosting service. If not, you’re looking at building your own protocol, but then you’ll need something more flexible than web hosting.

5 Likes

Hi. I’m pretty sure you can. I just wanna make sure of something: are you gonna distribute your games with phpmyadmin code in it ? Because if you do that, you will need to pass the credentials and a little reverse engineering software (since Python apps distributed with PyInstaller are super easy to reverse engineer if you know how to) and people can login and do anything they want with the database.
Prefer to make a PHP script that you send POST data to using the requests Python module or the urllib.request (lower level, a bit more hard) module, and make the PHP script login to the DB and do all the stuff.
Make sure to properly encode and decode stuff to not make your app vulnerable to MySQL injections (“SELECT name FROM people WHERE family_name = [userdata] AND registered = 1” with “a; TRUNCATE TABLE people; --” as user data gives “SELECT name FROM people WHERE family_name = a; TRUNCATE TABLE people; -- AND registered = 1” so bad guys can delete the data but also see it using other ways, basically they can do anything from here) or XSS attacks (bad guy posting a text that loads a script when loading the text on other people’s computers if the text is not handled properly) and if you use compression somewhere to make requests tinier, decompression bombs as they can overflow the server resources and take it down.
If you don’t have a Premium plan from iFastNet, Python scripts won’t be able to load your website pages (see my forum posts) unless you decide to emulate the JavaScript code and the cookies to get the page, but I clearly don’t recommend this as it’s not stable and very time and power consuming.
If you want to have a no-cost solution, take a look at Replit.com, just note that every code is public unless you pay for a premium plan and mark your repository as private (public means it’s forkable and readable but not writable by anyone), also on Replit you’ll be able to code in basically any language including Python. If you use Replit, don’t use their database system: it’s super limited. Instead, take a look at the sqlite3 module of Python or something similar in another language, to store MySQL databases in a single file. Want a tip for keeping your database file private ? Encrypt it with AES256 with a key that you will store in environment variables called Replit Secrets: only you can use and see secrets. Though, it’s a workaround, it’s not very optimized. Also, to keep your app running and working (except if it’s an HTML/CSS/JS repository, they are static and don’t need to be run to be online) you have to pay for a premium plan too. Or you watch a YouTube tutorial on how to use UptimeRobot.com to keep your repository alive without paying (that’s a workaround, not a solution !).

Good programming !

[Ok, I know it’s a webhosting forum, not a programming forum but anyways I just wanna help this guy]
Edit: Just saw that @Ziverre said something similar, this answer is completing his one
Edit 2: If you are using Python to build the server, take a look at the socket module and watch a tutorial: this module should not be very hard compared to websockets. For ports, you should use a non-reserved port, using a port higher than like 20000 is recommended, for more info about ports search non-reserved ports and read the Wikipedia article. Also, I didn’t know iFastNet’s Premium plan could run Python scripts. Good to know.

2 Likes
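Two of the input-handling points from the post above, combined in one server-side handler, as an added example that is not part of the original thread. It assumes `sqlite3` in memory in place of MySQL, a zlib-compressed request body, and a 64 KiB size cap; the function names and sample rows are constructed for illustration.

```python
import sqlite3
import zlib

MAX_BODY = 64 * 1024  # assumed cap on the decompressed request size

def make_db():
    """Constructed sample rows for the `people` table used in the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT, family_name TEXT, registered INTEGER)")
    conn.executemany("INSERT INTO people VALUES (?, ?, ?)",
                     [("Ann", "Lee", 1), ("Bo", "Lee", 0), ("Cy", "Roy", 1)])
    return conn

def safe_decompress(blob, limit=MAX_BODY):
    """Inflate at most `limit` bytes and reject anything that expands further."""
    d = zlib.decompressobj()
    out = d.decompress(blob, limit + 1)  # max_length bounds the output buffer
    if len(out) > limit or d.unconsumed_tail:
        raise ValueError("decompressed body exceeds limit")
    if not d.eof:
        raise ValueError("truncated or malformed stream")
    return out

def find_names(conn, family_name):
    """The `?` placeholder sends the value separately from the SQL text,
    so the driver never parses user data as part of the statement."""
    cur = conn.execute(
        "SELECT name FROM people WHERE family_name = ? AND registered = 1",
        (family_name,))
    return [row[0] for row in cur]

def handle_lookup(conn, compressed_body):
    """Request path: bounded decompression, strict decoding, bound parameter."""
    family_name = safe_decompress(compressed_body).decode("utf-8")
    return find_names(conn, family_name)

def count_people(conn):
    """Row count, used to confirm the table survives hostile input."""
    return conn.execute("SELECT COUNT(*) FROM people").fetchone()[0]
```

With the post's own input `a; TRUNCATE TABLE people; --`, the lookup simply matches no family name and the table keeps all its rows.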

Hi @HGStyle , sorry for the late reply.
Thanks for your detailed help.
Firstly, Python won’t be running on IFastNet of InfinityFree, it will be running on the browser of the player but linked to the database…
I tried Socket but I also want to link it to the player’s account that is on the website (e.g. name, friends, score, …) and IFastNet allows external connections with SQL Remote. Maybe I can use socket for ingame positions and stuff but linking the computers is kind of chaotic.
I found some encrypting methods, like Python scripts are in a .txt file and encrypted. There is a Batch file executing and decoding it and more.
And yeah, I always use prepared statements with PHP.
Thanks again!

No no no no…
You should look up reverse engineering communities, the “never trust the client” is a slogan for a reason.

7 Likes
