Jump to content
Sign in to follow this  
drtrann

authentication system

Recommended Posts

drtrann

so I've made an application that I hope to distribute, but I'm a little concerned that 1 guy will buy it, and start spreading it across the interwebs so i've started to do some reasearch on authentication systems.

as of right now I have a mysql database setup and have a rough idea of how to properly get it to work, but my major questions are more to do with strategy of implementation.

right now I'm trying to figure out how to properly properly make sure the person isnt just passing the login information with the file (IE close the app if multiple people are logged in with the same creds).

crash/sudden disconnect protection: basically make sure that if somone's computer/program crashes and the disconnect code wasnt able to execute that it doesnt lock out legitimate users.

im sure there are a lot of important things im missing, have never messed with any sort of authentication system and hope to do proper research before I tackle something entirely new

Edited by drtrann

Share this post


Link to post
Share on other sites
water

There are a few scripts around that try to do what you need. One of them is


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-12-03 - Version 1.4.11.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Share this post


Link to post
Share on other sites
drtrann

There are a few scripts around that try to do what you need. One of them is

yeah i saw that, my only take away is that xprotec seems overly complicated for what i need. what im thinking is just having it so 2 unique hardware ID's can work under a given username (person's email) if they attempt to login login with a different hardware ID it tosses an error and they cant run the application. this way i wont need to worry about if the program crashed/ open connections/locked accounts.

I know system ID's can be spoofed, but im hoping this will at least deter the copy pasters who wouldnt know/care enough to spoof hardware IDs

now given the above, is there anything glaringly obvious that im missing?

Edited by drtrann

Share this post


Link to post
Share on other sites
water

Have a look at this


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-12-03 - Version 1.4.11.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Share this post


Link to post
Share on other sites
Phaser

I had the same issue, what I do is use a mysql db for the login details BUT I also do 2 other things, I send the user a test file which gets me the hard drive id number which I tell the script to check, I also put a blank php file on the server, I check the file exists via the script too, that way it will only work on ONE machine, delete the file and it stops working.

Share this post


Link to post
Share on other sites
drtrann

thank you for the hardware ID information.

now comes the actual coding questions.

I need my code to be able to assign the hardware ID's the user's row in the database, but to do that it would need edit access to the database, now im very very very much against hardcoding that in somewhere in the program. is there another way to do this that doesnt put my database at risk. (in that PHP link you gave me water they do this with the PHP file, but there they hardcore in the username/password which would make it even easier to find (they would just have to view the php file)). maybe i just dont understand how PHP works, but hardcoding in the access information for a database seems like a really bad idea

Share this post


Link to post
Share on other sites
drtrann

You cannot view/download a php file from clientside.

ah well that puts me a bit as ease :D

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×