Results 1 to 10 of 10

Thread: What should i use?[serious]

  1. #1

    Thread Starter
    Frenzied Member ice_531's Avatar
    Join Date
    Aug 2002
    Location
    Sitting w/ Bob Status: -Next -To- Null- Friend: Philip
    Posts
    1,152

    What should i use?[serious]

    Ladies and Gentlemen, boys and girls, dogs, cats, puppets, and frogs.

    I'd like to get everyones ( or at least one person) to respond with their opinion on this.

    Okay, i need a way to have a login type system at the start of my program. Just username and password basically. I have NEVER used databases in my programs all though i have used them in sample apps from books i read. What should i do? Store the names/passwords in .ini files on a webserver? or what lol i'd like this to be as easy as possible though.

    :::`DISCLAIMER`:::
    Do NOT take anything i have posted to be truthful in any way, shape or form.
    Thank You!

    --------------------------------
    "Never heard about "hiking" poles. I usualy just grab a stick from the nature, and use that as a pole." - NoteMe
    "Finaly I can look as gay as I want..." - NoteMe
    Languages: VB6, BASIC, Java, C#. C++

  2. #2
    Frenzied Member
    Join Date
    Oct 2002
    Location
    Gammapolis
    Posts
    1,474

    Re: What should i use?[serious]

    What is the program, in what language, web based, windows program, ...?
    'Heading for the automatic overload'
    Marillion, Brave, The Great Escape, 1994

    'How will WE stand the FIRE TOMORROW?'
    Eloy, Silent Cries and Mighty Echoes, The Vision - Burning, 1979

  3. #3

    Thread Starter
    Frenzied Member ice_531's Avatar
    Join Date
    Aug 2002
    Location
    Sitting w/ Bob Status: -Next -To- Null- Friend: Philip
    Posts
    1,152

    Re: What should i use?[serious]

    Quote Originally Posted by Lunatic3
    What is the program, in what language, web based, winodws program, ...?
    It's a chat system. ( sort of lol )
    VB6(or .net) - preferably vb6.
    Windows program.

    Basically the jist of it is, they get login screen...they enter username/pass..it checks for correct or not. or they can register. etc then they get logged on and connected to the server.
    :::`DISCLAIMER`:::
    Do NOT take anything i have posted to be truthful in any way, shape or form.
    Thank You!

    --------------------------------
    "Never heard about "hiking" poles. I usualy just grab a stick from the nature, and use that as a pole." - NoteMe
    "Finaly I can look as gay as I want..." - NoteMe
    Languages: VB6, BASIC, Java, C#. C++

  4. #4
    Frenzied Member
    Join Date
    Oct 2002
    Location
    Gammapolis
    Posts
    1,474

    Re: What should i use?[serious]

    Okay, but where is the authentication done, on a remote server, local machine, ...?
    'Heading for the automatic overload'
    Marillion, Brave, The Great Escape, 1994

    'How will WE stand the FIRE TOMORROW?'
    Eloy, Silent Cries and Mighty Echoes, The Vision - Burning, 1979

  5. #5

    Thread Starter
    Frenzied Member ice_531's Avatar
    Join Date
    Aug 2002
    Location
    Sitting w/ Bob Status: -Next -To- Null- Friend: Philip
    Posts
    1,152

    Re: What should i use?[serious]

    remote.
    :::`DISCLAIMER`:::
    Do NOT take anything i have posted to be truthful in any way, shape or form.
    Thank You!

    --------------------------------
    "Never heard about "hiking" poles. I usualy just grab a stick from the nature, and use that as a pole." - NoteMe
    "Finaly I can look as gay as I want..." - NoteMe
    Languages: VB6, BASIC, Java, C#. C++

  6. #6
    Ex-Super Mod'rater Electroman's Avatar
    Join Date
    Sep 2000
    Location
    Newcastle, England
    Posts
    4,349

    Re: What should i use?[serious]

    Dunno if I'm stating the obvious here for you but when you store the passwords you will use a oneway encryption, like md5. This way to check the password you will run the md5 on it again then you just compare the stored hash code with the one of the password entered. Then if someone did manage to access your DB they won't be able to read off the passwords. This also means if someone sends you an email saying they forgot there password you can't find it out but can only reset it to something else for them.

    Also if its being done on the server then I advise you run the md5 on the password before sending it, that way it secures from someone intercepting the packets .
    When your thread has been resolved please edit the original post in the thread ()
    and amend "-[RESOLVED]-" to the end of the title and change the icon to , Thank you.

    When posting Code use the [VBCode]Code Here[/VBCode] tags to be able to use the code highlighting.

  7. #7
    type Woss is new Grumpy; wossname's Avatar
    Join Date
    Aug 2002
    Location
    #!/bin/bash
    Posts
    5,682

    Re: What should i use?[serious]

    Quote Originally Posted by Electroman
    Dunno if I'm stating the obvious here for you but when you store the passwords you will use a oneway encryption, like md5. This way to check the password you will run the md5 on it again then you just compare the stored hash code with the one of the password entered. Then if someone did manage to access your DB they won't be able to read off the passwords. This also means if someone sends you an email saying they forgot there password you can't find it out but can only reset it to something else for them.

    Also if its being done on the server then I advise you run the md5 on the password before sending it, that way it secures from someone intercepting the packets .
    1 word: "Dictionary Attack"

    Although you probably won't need uber security for a chat app.
    I don't live here any more.

  8. #8

    Thread Starter
    Frenzied Member ice_531's Avatar
    Join Date
    Aug 2002
    Location
    Sitting w/ Bob Status: -Next -To- Null- Friend: Philip
    Posts
    1,152

    Re: What should i use?[serious]

    Yeah, there won't be any need for much security yet. There will be no privledges set on the user accounts, so if someone were to get on someones name it would do them no good....simply emailing support would get their password reset if they provided the answer to the secret question.

    :::`DISCLAIMER`:::
    Do NOT take anything i have posted to be truthful in any way, shape or form.
    Thank You!

    --------------------------------
    "Never heard about "hiking" poles. I usualy just grab a stick from the nature, and use that as a pole." - NoteMe
    "Finaly I can look as gay as I want..." - NoteMe
    Languages: VB6, BASIC, Java, C#. C++

  9. #9
    Ex-Super Mod'rater Electroman's Avatar
    Join Date
    Sep 2000
    Location
    Newcastle, England
    Posts
    4,349

    Re: What should i use?[serious]

    Quote Originally Posted by wossname
    1 word: "Dictionary Attack"
    Not really a big issue, seen as though its being done romote its easy to make it so that if you get three wrong attempts it locks out attempts for that user for another 15sec. Then if the same happens 15sec turns to 30sec, then a minute ect, ect.... Easiest way to overcome dictionary attacks .
    When your thread has been resolved please edit the original post in the thread ()
    and amend "-[RESOLVED]-" to the end of the title and change the icon to , Thank you.

    When posting Code use the [VBCode]Code Here[/VBCode] tags to be able to use the code highlighting.

  10. #10
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: What should i use?[serious]

    Don't listen to these heathens. Hash your password to a database, and pretend the dictionary attack will never happen!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width