I was developing a client and server game application. I was using a web service (WCF). In this way, the client application doesn’t store the password of the database. It accesses the web service instead, so the password could not be hacked. But now, I think I could develop faster if I could use Entity Framework. But I tried a long time ago, and I read that WCF is not compatible with Entity Framework, because of some attribute stuff that could not serialize.
So I guess, if I use Entity Framework, I cannot split it into two applications (client and server). Or can I?
So is there any safe way to not be hacked if I develop only one application (not splitting into client/server)? This application would connect to the database, but it needs the password. But I think I can’t store the password in the same application the client uses. What should I do?
Maybe my ideas are confused, sorry. Please help me. Thanks.
There is no real way to secure the password when you pass the connection string to the client. Even if you encrypt it somehow, your application will still need an encryption key to decrypt the connection string / password, so the user will be able to search for that key (disassembling) and decrypt it as well. Once you pass the connection string to the client, you are giving him permissions to your database. Because of that, you must give him a user name and password which will allow him to do only allowed queries and changes – that is hardly possible when you distribute a game, because that would require a separate unique login for each of your clients, and all of your data access would have to be done through stored procedures. You should never expose a database to the public (no database admin would allow that). You need client / server.
Show what real problems you read about or what real problems you really have.
WCF can be used with Entity Framework. There are even WCF Data Services, which expose an Entity Framework model as a REST OData service. The only problems a common WCF service has with EF are lazy loading, which should be turned off, and serialization, where you have to deal with cyclic references or use data transfer objects instead of real entities.
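The arrangement this answer describes, as an added example that is not code from either poster: a WCF service that uses Entity Framework on the server with lazy loading turned off and returns data transfer objects, so the connection string never leaves the server. The entity classes, `GameContext`, the `GameDb` connection string name and `IGameService` are hypothetical, and EF 6 with a `GameDb` entry in the server's configuration file is assumed.

```csharp
using System.Collections.Generic;
using System.Data.Entity;            // Entity Framework DbContext API
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;

// Entities (hypothetical) stay on the server and are never sent over the wire.
public class Player {
    public int Id { get; set; }
    public string Name { get; set; }
    public string PasswordHash { get; set; }                 // must not reach clients
    public virtual ICollection<Score> Scores { get; set; }
}
public class Score {
    public int Id { get; set; }
    public int Points { get; set; }
    public virtual Player Player { get; set; }               // Player <-> Score cycle
}
public class GameContext : DbContext {
    // "GameDb" names a connection string that exists only in the server's config.
    public GameContext() : base("name=GameDb") {
        Configuration.LazyLoadingEnabled = false;    // no implicit queries during serialization
        Configuration.ProxyCreationEnabled = false;  // no runtime proxy types for the serializer
    }
    public DbSet<Score> Scores { get; set; }
}
// DTO: flat, no navigation properties, so no cyclic references and no PasswordHash.
[DataContract]
public class ScoreDto {
    [DataMember] public string PlayerName { get; set; }
    [DataMember] public int Points { get; set; }
}
[ServiceContract]
public interface IGameService {
    [OperationContract] List<ScoreDto> GetTopScores(int count);
}
public class GameService : IGameService {
    public List<ScoreDto> GetTopScores(int count) {
        if (count < 1 || count > 100) count = 10;    // bound client-supplied input
        using (var db = new GameContext()) {
            return db.Scores.OrderByDescending(s => s.Points).Take(count)
                .Select(s => new ScoreDto { PlayerName = s.Player.Name, Points = s.Points })
                .ToList();
        }
    }
}
```

The client references only `IGameService` and `ScoreDto`; it can call the operations the service exposes and nothing else, which is the restriction a shared database login cannot give you.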