Sign in to follow this  
Followers 0
drtrann

authentication system

8 posts in this topic

#1 ·  Posted (edited)

so I've made an application that I hope to distribute, but I'm a little concerned that 1 guy will buy it, and start spreading it across the interwebs so i've started to do some reasearch on authentication systems.

as of right now I have a mysql database setup and have a rough idea of how to properly get it to work, but my major questions are more to do with strategy of implementation.

right now I'm trying to figure out how to properly properly make sure the person isnt just passing the login information with the file (IE close the app if multiple people are logged in with the same creds).

crash/sudden disconnect protection: basically make sure that if somone's computer/program crashes and the disconnect code wasnt able to execute that it doesnt lock out legitimate users.

im sure there are a lot of important things im missing, have never messed with any sort of authentication system and hope to do proper research before I tackle something entirely new

Edited by drtrann

Share this post


Link to post
Share on other sites



There are a few scripts around that try to do what you need. One of them is


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

There are a few scripts around that try to do what you need. One of them is

yeah i saw that, my only take away is that xprotec seems overly complicated for what i need. what im thinking is just having it so 2 unique hardware ID's can work under a given username (person's email) if they attempt to login login with a different hardware ID it tosses an error and they cant run the application. this way i wont need to worry about if the program crashed/ open connections/locked accounts.

I know system ID's can be spoofed, but im hoping this will at least deter the copy pasters who wouldnt know/care enough to spoof hardware IDs

now given the above, is there anything glaringly obvious that im missing?

Edited by drtrann

Share this post


Link to post
Share on other sites

Have a look at this


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

I had the same issue, what I do is use a mysql db for the login details BUT I also do 2 other things, I send the user a test file which gets me the hard drive id number which I tell the script to check, I also put a blank php file on the server, I check the file exists via the script too, that way it will only work on ONE machine, delete the file and it stops working.

Share this post


Link to post
Share on other sites

thank you for the hardware ID information.

now comes the actual coding questions.

I need my code to be able to assign the hardware ID's the user's row in the database, but to do that it would need edit access to the database, now im very very very much against hardcoding that in somewhere in the program. is there another way to do this that doesnt put my database at risk. (in that PHP link you gave me water they do this with the PHP file, but there they hardcore in the username/password which would make it even easier to find (they would just have to view the php file)). maybe i just dont understand how PHP works, but hardcoding in the access information for a database seems like a really bad idea

Share this post


Link to post
Share on other sites

You cannot view/download a php file from clientside.

ah well that puts me a bit as ease :D

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0