Secure DB proxy?

python660 · August 2, 2023, 2:51pm

well, db doesn’t persist, so its kinda useless now that I think

SalladShooter · August 2, 2023, 3:34pm

@python660 what do you mean?

QwertyQwerty88 · August 2, 2023, 4:58pm

canned reply I made a while ago

So basically, when you run a (non-website) Repl you don’t own from the cover page, Replit will automatically fork the Repl (this is known as a ghost fork).

And when a Repl is forked by a user who doesn’t have edit permissions, all Secrets’ values are lost and the Replit DB doesn’t save to the original Repl’s DB. The only way you can have the Database save among all users is by setting the DB’s URL which can be very insecure and can allow users to delete your entire DB, edit the DB’s keys, or even add their own keys. There isn’t anything that can be done about this other than to just change your Repl into a website.

SalladShooter · August 2, 2023, 6:18pm

@QwertyQwerty88 is that why I can only see leaderboard users from my device (such as Owner SalladShooter and Beta Tester SalladShooter)? If so is there anyway to fix it?

QwertyQwerty88 · August 2, 2023, 6:20pm

From your account actually.

Firepup650 · August 2, 2023, 6:20pm

Probably. I’d recommend not using ReplDB (Highly recommend, it uses a lot of egress), but whether you do or not, you’ll need to use an external Repl or service for your DB.

Firepup650 · August 2, 2023, 6:23pm

You could use a ReplDB proxy, but that uses a lot of egress, and it should have security measures to make sure others can’t edit your DB.

QwertyQwerty88 · August 2, 2023, 6:25pm

that’s what I meant by this

BTW how are you supposed to do it securely?

Firepup650 · August 2, 2023, 6:27pm

If you used a DB Proxy, you could (somehow) have your game include a key in it’s DB requests, and have the proxy only accept requests with the key to access the DB. How to do that, I’m not sure, but it’s an idea.

SalladShooter · August 2, 2023, 6:28pm

@Firepup650 If you some how figure it out, it would probably be easier to invite you to my Repl.

QwertyQwerty88 · August 2, 2023, 6:28pm

Imma try make that, could be cool.

Firepup650 · August 2, 2023, 6:33pm

Proxy itself isn’t hard, a minute or two at most. It’s the security that I don’t know how to do.

SalladShooter · August 2, 2023, 6:34pm

@Firepup650 well I don’t know how to do a proxy either .

Firepup650 · August 2, 2023, 6:37pm

Only reason I do is because of this nice Repl: https://replit.com/@util/Replit-Database-proxy#main.py
Fork, change URL in your project (db.db_url="URL"), make sure the DB doesn’t sleep, and you’re good!

SalladShooter · August 2, 2023, 6:41pm

@Firepup650 wdym change url, change it to my game url? How do I make the db not sleep (I can’t do always on or deployments since I don’t have cycles)?

Firepup650 · August 2, 2023, 6:44pm

No, in the game change it to the DB’s URL (it hosts a webserver).

Pingers are always an option for something like this ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

SalladShooter · August 2, 2023, 6:46pm

@Firepup650 I don’t know pingers either .

QwertyQwerty88 · August 2, 2023, 7:02pm

wait how could you do that securely???

Firepup650 · August 2, 2023, 7:04pm

That’s where I hit a wall in my thought process. I’ll put more thoughts into it and see what I can come up with.

SalladShooter · August 2, 2023, 7:04pm

@Firepup650 ok thanks!