-
Dec 29th, 2004, 08:00 PM
#1
Thread Starter
Frenzied Member
Login / Registration Method
Hello Everyone,
Okay, the past 2 days I've been working on a login / registration method for my chat system. Thus far I've gotten it to do the following:
(server - form load...I have all the names from my username field in the database loaded into a listbox)
Registration - Someone registers, it sends the username and password to the server and the server stores them in strings, after they've been split up. Then my CheckList function is invoked, whereby the username that has been stored is double-checked against my listbox to see if there is a duplicate. If there is, then it stops there and sends back a message telling the client. If there isn't a match, then it continues and puts the new username/password into the database and sends back a registration complete message.
All of this doesn't require any "searching" of the database exactly...more or less I went around that by using a listbox, seeing as how I don't really know many SQL statements and didn't want to search the database.
My next step is the login process....I'll have to check both username AND password this time.
Maybe this will shed some light on any others who are having thoughts of a similar process, or someone would like to comment on how stupid my method is.
Ice
:::`DISCLAIMER`:::
Do NOT take anything i have posted to be truthful in any way, shape or form.
Thank You!
--------------------------------
"Never heard about "hiking" poles. I usually just grab a stick from the nature, and use that as a pole." - NoteMe
"Finally I can look as gay as I want..." - NoteMe
Languages: VB6, BASIC, Java, C#, C++
-
Dec 29th, 2004, 08:01 PM
#2
Thread Starter
Frenzied Member
Re: Login / Registration Method
Also, any suggestions for the login process or further would be appreciated.
I haven't thought it over fully...about possibly encrypting the pwds in the database, because I don't see security as coming to be a big issue.
-
Dec 29th, 2004, 08:14 PM
#3
Re: Login / Registration Method
If you are sending the password in cleartext that is a mistake. Only a "one-way" encryption method should be used and the password "passed" to the server in that form already.
Is that what you are doing?
-
Dec 29th, 2004, 08:19 PM
#4
Thread Starter
Frenzied Member
Re: Login / Registration Method
I'm using a simple encryption-type method..if you even want to call it that. I made a function, let's call it encrypt. It will replace every other char with a rand char created using rnd * 3.14, I believe. Don't have my project open at the moment.
Then on the server side it uses a decrypt function. I mean, this is no MD5 hashed pwds routine, but I think it's fine for what I'm doing and no one else would know the encryption routine anyways, or the decrypt.
-
Dec 29th, 2004, 08:21 PM
#5
Re: Login / Registration Method
Well if the client side is using RND then the server side (using RND also) will never guess that the password matches. So how did you overcome that fact?
-
Dec 29th, 2004, 08:23 PM
#6
Thread Starter
Frenzied Member
Re: Login / Registration Method
I did do a C++ encryption program some time back; I could compile it to a DLL and use it on the server side to call its functions.
Don't see the need though; what's the need for so much encryption in the first place? This is not a commercial app, just a long term project that might possibly become something more if it has a good turnout with some friends and other people who use it. How might someone get to the database to see the usernames/passwords? It is password protected, and I doubt one could catch any packets sent to grab username/password information.
-
Dec 29th, 2004, 08:25 PM
#7
Thread Starter
Frenzied Member
Re: Login / Registration Method
Originally Posted by szlamany
Well if the client side is using RND then the server side (using RND also) will never guess that the password matches. So how did you overcome that fact?
Because there's only one value that came out at the end; encrypt simply multiplies by 27 and decrypt divides by 27.
I'm using these as an example; this is not my actual code. Posting it would defeat the purpose of it being secure.
-
Dec 29th, 2004, 08:28 PM
#8
Re: Login / Registration Method
Then with that said, blow away the password question altogether and simply ask for the username.
Don't fake a password validation if you aren't attempting to do it completely.
The worst thing you could do is give people a false sense of security.
BTW - one way encryption could be as simple as turning A and B into 1, C and D into 2 and so on. After encryption - you could never decrypt, because more than one possibility exists for the value. But, that also means that no one can guess the password by looking at the encrypted values - since they cannot be decrypted.
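As an added example (not from any poster in this thread), here is a Python sketch of server-side registration and login that stores only a salted one-way value, set beside the letter-pair mapping described in the post above. The function names, the `users` table, the in-memory SQLite database and the iteration count are assumptions, and the client-to-server connection is assumed to be encrypted (for example with TLS).

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor; tune for your hardware


def pair_digest(password):
    """Toy mapping from the post above: A,B -> 1; C,D -> 2; and so on."""
    return "-".join(
        str((ord(c) - ord("A")) // 2 + 1) if "A" <= c <= "Z" else c
        for c in password.upper()
    )


def derive(password, salt):
    """Salted, deliberately slow one-way function (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def open_db():
    # In-memory SQLite stands in for the chat server's database (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def register(db, username, password):
    """Return False on a duplicate name; the PRIMARY KEY does the check."""
    salt = os.urandom(16)
    row = (username, salt, derive(password, salt))
    try:
        with db:
            db.execute("INSERT INTO users VALUES (?, ?, ?)", row)
        return True
    except sqlite3.IntegrityError:
        return False


def login(db, username, password):
    """Check username AND password without ever storing the password."""
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(derive(password, row[0]), row[1])
```

Under the letter-pair mapping, `CAB` and `DBA` produce the same stored value, so either would pass a login check; the salted PBKDF2 value matches only the registered password. The duplicate-name check is done by the database itself, so no listbox copy of the usernames is needed.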
-
Dec 29th, 2004, 08:37 PM
#9
Thread Starter
Frenzied Member
Re: Login / Registration Method
Originally Posted by szlamany
Then with that said, blow away the password question altogether and simply ask for the username.
Don't fake a password validation if you aren't attempting to do it completely.
The worst thing you could do is give people a false sense of security.
Maybe you misunderstand me; I don't understand your statements there.
Also
Originally Posted by szlamany
BTW - one way encryption could be as simple as turning A and B into 1, C and D into 2 and so on. After encryption - you could never decrypt, because more than one possibility exists for the value. But, that also means that no one can guess the password by looking at the encrypted values - since they cannot be decrypted.
Noted. - I'll search around some more on it.
-
Dec 29th, 2004, 08:41 PM
#10
Re: Login / Registration Method
At any given high school, I would assume that there is at least one bad egg student who is sniffing around looking for interesting traffic on the network.
If a packet passes by with a username and password - in clear text - then that bad egg would have free rein of the farm.
So, if you are not going to encrypt the password, then don't ask for it at all.
Otherwise you offer a false sense of security to your user group.
-
Dec 29th, 2004, 08:44 PM
#11
Thread Starter
Frenzied Member
Re: Login / Registration Method
Heh, point taken.
Thanks for all of your advice.