Client side scripting code safety


#1

Hello, I want to ask if client side script( C# ) is downloaded by client itself somewhere in the local cache? Like for example javascript code in browser.
And is it safe for example to run MySQL functions inside mine ResourceClient.net.dll compiled library? Specifying database username, password private information etc.


#2

The client side code is heavily sand-boxed to protect the client (not your code) so, you won’t be able to create any connection on the client. This means, no SQL connection.

Instead, you will have to do the connection stuff on the server and send the results to the client.

As a side note: Anything you put on the client has the potential to be executed by a malicious user. This means that if you could get a connection to an SQL database on the client, a malicious user could run it with malicious code and delete all data on the database. In this case, you should be glad the client cannot do this :stuck_out_tongue:

I believe the DLL is packed into an RPF file (like the Lua code) and this is sent to the client. I think it’s encrypted (or something) and the client would need to decompile the code from the DLL (which, is trivial to the right people).


#3

Okay, so it is just like javascript code I see in the browser.
Thanks :slight_smile: