What should i use?[serious]
Ladies and Gentlemen, boys and girls, dogs, cats, puppets, and frogs.
I'd like to get everyone (or at least one person) to respond with their opinion on this. :thumb:
Okay, I need a way to have a login type system at the start of my program. Just username and password basically. I have NEVER used databases in my programs, although I have used them in sample apps from books I read. What should I do? Store the names/passwords in .ini files on a webserver? Or what, lol. I'd like this to be as easy as possible though.
:afrog:
Re: What should i use?[serious]
What is the program, in what language, web based, Windows program, ...?
Re: What should i use?[serious]
Quote:
Originally Posted by Lunatic3
What is the program, in what language, web based, Windows program, ...?
It's a chat system. (sort of, lol)
VB6 (or .NET) - preferably VB6.
Windows program.
Basically the gist of it is, they get a login screen... they enter username/pass... it checks for correct or not. Or they can register, etc. Then they get logged on and connected to the server. :ehh:
Re: What should i use?[serious]
Okay, but where is the authentication done, on a remote server, local machine, ...?
Re: What should i use?[serious]
Dunno if I'm stating the obvious here for you, but when you store the passwords you will use a one-way encryption, like MD5. This way, to check the password you will run the MD5 on it again, then you just compare the stored hash code with the one of the password entered. Then if someone did manage to access your DB they won't be able to read off the passwords. This also means if someone sends you an email saying they forgot their password you can't find it out but can only reset it to something else for them.
Also, if it's being done on the server then I advise you run the MD5 on the password before sending it, that way it secures from someone intercepting the packets :).
Re: What should i use?[serious]
Quote:
Originally Posted by Electroman
Dunno if I'm stating the obvious here for you, but when you store the passwords you will use a one-way encryption, like MD5. This way, to check the password you will run the MD5 on it again, then you just compare the stored hash code with the one of the password entered. Then if someone did manage to access your DB they won't be able to read off the passwords. This also means if someone sends you an email saying they forgot their password you can't find it out but can only reset it to something else for them.
Also, if it's being done on the server then I advise you run the MD5 on the password before sending it, that way it secures from someone intercepting the packets :).
1 word: "Dictionary Attack" :D
Although you probably won't need uber security for a chat app.
Re: What should i use?[serious]
Yeah, there won't be any need for much security yet. There will be no privileges set on the user accounts, so if someone were to get on someone's name it would do them no good....simply emailing support would get their password reset if they provided the answer to the secret question.
:wave:
Re: What should i use?[serious]
Quote:
Originally Posted by wossname
1 word: "Dictionary Attack" :D
Not really a big issue, seeing as though it's being done remotely it's easy to make it so that if you get three wrong attempts it locks out attempts for that user for another 15 sec. Then if the same happens 15 sec turns to 30 sec, then a minute, etc., etc.... Easiest way to overcome dictionary attacks :).
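An added example (not from any poster in this thread) of the server-side check the posts above describe: store a hash instead of the password, compare on login, and lock the account after three wrong attempts for 15 seconds, doubling each time. It is written in Python rather than VB6 and swaps the thread's MD5 for salted PBKDF2-HMAC-SHA256 from the standard library; the `LoginStore` class, its field names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed PBKDF2 work factor; raise as far as the server tolerates
MAX_FAILS = 3          # wrong attempts before a lockout (figure from the thread)
BASE_LOCK = 15         # first lockout in seconds, doubling each time (from the thread)


def _derive(password, salt):
    # Slow, salted one-way function: each dictionary guess costs ITERATIONS hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class LoginStore:
    """In-memory stand-in for the server's user table (hypothetical)."""

    def __init__(self):
        self.users = {}   # name -> salt, digest and lockout counters

    def register(self, name, password):
        salt = os.urandom(16)   # per-user salt: equal passwords get different digests
        self.users[name] = {"salt": salt, "digest": _derive(password, salt),
                            "fails": 0, "lockouts": 0, "locked_until": 0.0}

    def login(self, name, password, now):
        """Return 'ok', 'denied' or 'locked'; `now` is a timestamp in seconds."""
        user = self.users.get(name)
        if user is None:
            _derive(password, b"\0" * 16)   # spend the same time for unknown names
            return "denied"
        if now < user["locked_until"]:
            return "locked"                 # no password check while locked out
        if hmac.compare_digest(_derive(password, user["salt"]), user["digest"]):
            user["fails"] = user["lockouts"] = 0
            return "ok"
        user["fails"] += 1
        if user["fails"] >= MAX_FAILS:      # 15 s, then 30 s, then 60 s, ...
            user["locked_until"] = now + BASE_LOCK * 2 ** user["lockouts"]
            user["lockouts"] += 1
            user["fails"] = 0
        return "denied"
```

In this sketch a correct password is also refused while the lock is active, so the lockout state has to live on the server and not in the client.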
Re: What should i use?[serious]
Don't listen to these heathens. Hash your password to a database, and pretend the dictionary attack will never happen!