This is really just a fancy skin and a rewrite in PHP from my previous post. It’s nothing special.
Didn’t catch your other post. What would this be used for? Why use it over DataStores?
1 Like
Mine is literally just using php get to urls with no validation and it’s vunerable to sql injection, I am planning on fixing it eventually but I’m the only one who will ever have access to the urls so I don’t mind to much.
I honestly cant say I feel safe using a project when someone says a exploit is impossible. Granted I know its easy to stop most SQL Injections but from my experience in penetrating testing, you should never be gullible and assume you are completely safe.
I run a clan database service and I completely understand why some will not want to use my free service because their group will rely on me running it for the next 3 to 5 years and afford it. Granted I have premium so I’m able to keep it running. I’m still afraid on attacks, I learn everyday how to prevent it as much as possible.
I would not put the data for my game on a service I dont run personally anyways because if it goes down then I am screwed and my entire player base will quit.
If anyone uses this… Backup the data with DataStores on roblox. I plan to use my own service for a game soon for cross game data but even I want to keep redundancy and fail safes because everything including uptime is guaranteed.
That’s really a given to back up data that is used on and online, non Roblox datarores, they won’t be on forever and you aren’t garunteed uptime. This service does run 24/7 and doesn’t shut down. I test all updates on my local machine to avoid any errors and bugs when I go live with the update.
Cross place databases. Since Roblox datastores data is only accessable on the place it is stored, if you want to be use that data on another place it’s impossible without something like this, granted if you were going to use something like this for a serious projec,t you would host it yourself as uptime and stability aren’t required, since I am not bound by any legal contract.
1 Like
You may want to consider checking your https support. Not only do the links you provide are in http and don’t force redirect to https, https fails to connect due to configuration issues. Until you fix, you put account/user data information at risk of being hijacked across transmission. This happens on both desktop and mobile, just happen to be on mobile at time of picture.
EDIT:
Image of error
1 Like
So basically you are saying even when roblox has DataStores down for whatever reason yours will still be running. I dont see that happening. As for pushing updates to a server and it not going down, thats arrogant to say the least speaking from experience because there is always something that will happen eventually that causes an issue. You wont often find these issues until someone complains.
I was saying that mine won’t be on forever since I am not obliged to maintain them and keep them online. That’s why I talked about backing the data up and storing it elsewhere.
You may want to double-check your source code. I see at least one place with an unsanitized parameter: https://github.com/pushgsck/GSCKStore/blob/master/verify.php#L4
I’d recommend taking a look at PHP’s prepared statements and using those instead of building the queries yourself, as it means you won’t be subject to injection. https://secure.php.net/manual/en/mysqli.quickstart.prepared-statements.php
4 Likes
Is it okay if we use this for Super Power Training Sim?
I mean Roblox their Datastores are sufficient when you only need to use the data for one place / universe. This is only really useful when you want to access the Datastore from another game that is not from the universe.
1 Like
I strongly urge you to read the serious concerns expressed above. It is not a good idea to use this for your game, especially considering that it has so many players.
3 Likes
Alright, just wanted to make sure, not just for me but for others that are curios about using this with their game that is similar to SPTS.
Thank you both.
You can use it for whatever you want, within reason. And as @sircfenner had said, do keep in mind with the concerns with using this. As for the player counts he had talked about too, it doesn’t really matter as of now because there is no throttling currently. However I do plan on adding it soon as a precaution to ease traffic going to the server. There will be a way to apply to get such limits removed however once this feature is implemented.
Thanks for that! Totally overlooked that as I wrote it once just to get the email verification system working. I will push an update whenever I get the chance to do so.
One other thing, by any chance have you exploited this in anyway?
1 Like
Server will be offline on the 11th October at 13:00 UTC+2 in a time window of 60 minutes.i have no choice in this, my provider is doing this regardless off my choice.
If this is the case, then this system is unreliable and can’t be used for any substantial player count games.
2 Likes
I got an email today from contsbo saying they have to do maintenance, I had no say in this. At no points did they ever ask me about this.
I have emailed them about it asking them what they are doing and if it is possible to not do whatever it is to my VPS but they are yet to respond.
Is it a bit weird that I’m still waiting for an email to verify.
Checked Spam Folders - Nothing