Connecting to a MySQL database in a Unity dedicated server without PHP or any other middleman?

Really just a theory crafting question. I am mainly asking to see if anyone sees any major potential problems out of a setup like this scenario:

  • Unity is compiled into a dedicated server which is run on a private dedicated machine (run by the company, not by any end-users).
  • MySQL server is a separate machine.
  • Unity clients/peers connect to the dedicated Unity server instance.
  • Unity dedicated server connects to the MySQL server and accesses the database to execute queries.

My question is, would this setup be secure if a) the MySQL server is instructed only to receive connections from whitelisted machines (any dedicated servers launched); b) the login credentials for the MySQL server are stored in another file (say XML or plaintext) away from the Unity client/server (i.e. not hardcoded); and c) the Unity dedicated server instance knows the filename and path to get the XML or plaintext file holding MySQL login credentials and loads those at runtime?

Essentially, I would store login credentials for the MySQL DB in a separate file which is not given in the distro to clients/peers, would load that information at runtime only on the server, and the server would then load this information to connect to the MySQL database.

The question: Do you see any glaring security holes in a setup such as this? I would prefer not to use PHP as a middleman connector between the Unity server and the MySQL server, I would like for the MySQL server and Unity server to exist on different hardware to offer better scalability, and the client should never have direct access to the MySQL server.

Due to the architecture, the code in Unity would contain either the MySQL queries hardcoded or (more preferably) would access the query definitions in a similar way to the credentials (pulling in the query definitions from an external file also not stored on the client machines).

No system will ever be 100% secure, but you can take steps toward that goal. I merely want to see if anyone with more security experience sees holes or has tips for avoiding common pitfalls in a setup like what I described.

In short: Yes, it is secure

As long as the mysql server only accepts logins from a specific local IP / user pair it’s impossible for someone to connect to the database. Furthermore depending on how the actual server is connected to the internet, the mysql server doesn’t need to be exposed to the internet at all.

Usual setups would actually run the mysql server on the same machine and only allow connections from localhost. Though if it is necessary / required for performance to have a dedicated mysql server, that’s ok as well. Keep in mind that it adds additional pressure to your local network traddic and increases latency slightly.

Yes it would be good to not include the mysql login credentials in the client. However it’s possible to include them directly in your code and use preprocessor directives and conditional compilation to distinguish between a “client build” and a “server build”. Though to avoid accedental publishing of server only code in a client build it’s better to store the credentials elsewhere on the server. Actually when the access to the mysql server is restricted (not accessible from the iNet) you wouldn’t require any credentials. If someone manages to break into your game server (due to root kit / some sort of exploit) he can easily look up the credentials anyways. However it’s always better to publish as little information as possible. If it’s a bigger project i would also recommend to “strip” strictly serverside code from the client as this makes it harder to reverse engineer what happens on the server. Especially sanity checks to detect cheaters. The less they know the more effective the counter measures are.

I would recomment to abstract your server side mysql connection and interaction into a seperate assembly which is only included in server builds. To avoid compilation problems you can use an empty mock-assembly in client builds to replace the actual server code. Alternatively conditional compilation could be used. For such things i recommend to use a custom build script which would take care of certain setup steps.