|
-
Dec 27th, 2004, 01:02 AM
#1
Thread Starter
Frenzied Member
What should i use?[serious]
Ladies and Gentlemen, boys and girls, dogs, cats, puppets, and frogs.
I'd like to get everyones ( or at least one person) to respond with their opinion on this.
Okay, i need a way to have a login type system at the start of my program. Just username and password basically. I have NEVER used databases in my programs all though i have used them in sample apps from books i read. What should i do? Store the names/passwords in .ini files on a webserver? or what lol i'd like this to be as easy as possible though.
:::`DISCLAIMER`:::
Do NOT take anything i have posted to be truthful in any way, shape or form.
Thank You!
--------------------------------
"Never heard about "hiking" poles. I usualy just grab a stick from the nature, and use that as a pole." - NoteMe
"Finaly I can look as gay as I want..." - NoteMe
Languages: VB6, BASIC, Java, C#. C++
-
Dec 27th, 2004, 01:33 AM
#2
Frenzied Member
Re: What should i use?[serious]
What is the program, in what language, web based, windows program, ...?
'Heading for the automatic overload'
Marillion, Brave, The Great Escape, 1994
'How will WE stand the FIRE TOMORROW?'
Eloy, Silent Cries and Mighty Echoes, The Vision - Burning, 1979
-
Dec 27th, 2004, 01:35 AM
#3
Thread Starter
Frenzied Member
Re: What should i use?[serious]
 Originally Posted by Lunatic3
What is the program, in what language, web based, winodws program, ...?
It's a chat system. ( sort of lol )
VB6(or .net) - preferably vb6.
Windows program.
Basically the jist of it is, they get login screen...they enter username/pass..it checks for correct or not. or they can register. etc then they get logged on and connected to the server.
:::`DISCLAIMER`:::
Do NOT take anything i have posted to be truthful in any way, shape or form.
Thank You!
--------------------------------
"Never heard about "hiking" poles. I usualy just grab a stick from the nature, and use that as a pole." - NoteMe
"Finaly I can look as gay as I want..." - NoteMe
Languages: VB6, BASIC, Java, C#. C++
-
Dec 27th, 2004, 01:37 AM
#4
Frenzied Member
Re: What should i use?[serious]
Okay, but where is the authentication done, on a remote server, local machine, ...?
'Heading for the automatic overload'
Marillion, Brave, The Great Escape, 1994
'How will WE stand the FIRE TOMORROW?'
Eloy, Silent Cries and Mighty Echoes, The Vision - Burning, 1979
-
Dec 27th, 2004, 01:38 AM
#5
Thread Starter
Frenzied Member
Re: What should i use?[serious]
:::`DISCLAIMER`:::
Do NOT take anything i have posted to be truthful in any way, shape or form.
Thank You!
--------------------------------
"Never heard about "hiking" poles. I usualy just grab a stick from the nature, and use that as a pole." - NoteMe
"Finaly I can look as gay as I want..." - NoteMe
Languages: VB6, BASIC, Java, C#. C++
-
Dec 27th, 2004, 06:20 AM
#6
Ex-Super Mod'rater
Re: What should i use?[serious]
Dunno if I'm stating the obvious here for you but when you store the passwords you will use a oneway encryption, like md5. This way to check the password you will run the md5 on it again then you just compare the stored hash code with the one of the password entered. Then if someone did manage to access your DB they won't be able to read off the passwords. This also means if someone sends you an email saying they forgot there password you can't find it out but can only reset it to something else for them.
Also if its being done on the server then I advise you run the md5 on the password before sending it, that way it secures from someone intercepting the packets .
When your thread has been resolved please edit the original post in the thread (  )
and amend "-[RESOLVED]-" to the end of the title and change the icon to  , Thank you.
When posting Code use the [VBCode]Code Here[/VBCode] tags to be able to use the code highlighting.

-
Dec 27th, 2004, 09:16 AM
#7
Re: What should i use?[serious]
 Originally Posted by Electroman
Dunno if I'm stating the obvious here for you but when you store the passwords you will use a oneway encryption, like md5. This way to check the password you will run the md5 on it again then you just compare the stored hash code with the one of the password entered. Then if someone did manage to access your DB they won't be able to read off the passwords. This also means if someone sends you an email saying they forgot there password you can't find it out but can only reset it to something else for them.
Also if its being done on the server then I advise you run the md5 on the password before sending it, that way it secures from someone intercepting the packets  .
1 word: "Dictionary Attack" 
Although you probably won't need uber security for a chat app.
I don't live here any more.
-
Dec 27th, 2004, 11:16 AM
#8
Thread Starter
Frenzied Member
Re: What should i use?[serious]
Yeah, there won't be any need for much security yet. There will be no privledges set on the user accounts, so if someone were to get on someones name it would do them no good....simply emailing support would get their password reset if they provided the answer to the secret question.
:::`DISCLAIMER`:::
Do NOT take anything i have posted to be truthful in any way, shape or form.
Thank You!
--------------------------------
"Never heard about "hiking" poles. I usualy just grab a stick from the nature, and use that as a pole." - NoteMe
"Finaly I can look as gay as I want..." - NoteMe
Languages: VB6, BASIC, Java, C#. C++
-
Dec 27th, 2004, 07:47 PM
#9
Ex-Super Mod'rater
Re: What should i use?[serious]
 Originally Posted by wossname
1 word: "Dictionary Attack" 
Not really a big issue, seen as though its being done romote its easy to make it so that if you get three wrong attempts it locks out attempts for that user for another 15sec. Then if the same happens 15sec turns to 30sec, then a minute ect, ect.... Easiest way to overcome dictionary attacks .
When your thread has been resolved please edit the original post in the thread (  )
and amend "-[RESOLVED]-" to the end of the title and change the icon to  , Thank you.
When posting Code use the [VBCode]Code Here[/VBCode] tags to be able to use the code highlighting.

-
Dec 28th, 2004, 05:06 PM
#10
Re: What should i use?[serious]
Don't listen to these heathens. Hash your password to a database, and pretend the dictionary attack will never happen!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|