Login system in Qt



szabolcsx
13th February 2015, 09:35
Hi. I need some help to decide which is the correct method of implementing a login system with Qt and MySQL.

The first method, which can be found everywhere on the internet, is the following: make a table called users in MySQL. Create a username and a password column, ask the user for their username and password, then verify whether those match the pair in the users table. My problem with this method is that I need to hardcode/save to disk the server's login credentials (username and password).

The second method would be creating MySQL accounts for all users. Using this method, the user will be queried for the server's username and password and I can avoid hardcoding/saving to disk those credentials.

Which is the correct method? Or have I misunderstood the whole concept and is there another method?
Thank you for your help :)

Update:

The third option would be to implement a layer between the server and the end-user application, hosted alongside the server. So the credentials would never leave the server.

wysota
13th February 2015, 11:17
Both methods are OK; however, be aware that if you just do a true/false validation in your client application (as with the first approach), it is easy to hack into the system by altering your application binary to not do the validation at all. In addition to that, make sure you use an encrypted channel to communicate with the database; otherwise someone might sniff your username/password combination.

szabolcsx
13th February 2015, 11:23
I think I will choose the third method. So if somebody wants to do something which isn't allowed, he will simply get a message that the requested operation is not permitted.

wysota
13th February 2015, 11:38
Have a look at the OAuth system.
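
The third option from the thread, sketched as an added example (not code from any poster): a server-side layer that holds the database connection, verifies passwords against salted hashes, and decides on every request whether the operation is permitted, so a patched client gains nothing. Assumptions: `sqlite3` in memory stands in for MySQL, and the function names, roles and accounts are constructed for illustration.

```python
import hashlib, hmac, secrets, sqlite3

# Assumption: in-memory sqlite3 stands in for the MySQL server. In a real
# deployment the DB credentials live only in this server-side process.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB, role TEXT)")
sessions = {}  # token -> (username, role), kept on the server only
PERMISSIONS = {"admin": {"read_report", "delete_user"}, "clerk": {"read_report"}}  # constructed

def _hash(password, salt):
    # Salted, deliberately slow hash: the users table never stores plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(username, password, role):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               (username, salt, _hash(password, salt), role))

def login(username, password):
    """Return an opaque session token, or None. No DB credential reaches the client."""
    row = db.execute("SELECT salt, pw_hash, role FROM users WHERE username = ?",
                     (username,)).fetchone()
    # Hash even for unknown users so both failure paths do comparable work.
    salt, stored, role = row if row else (b"\0" * 16, b"", None)
    ok = hmac.compare_digest(_hash(password, salt), stored)
    if not (row and ok):
        return None
    token = secrets.token_urlsafe(32)
    sessions[token] = (username, role)
    return token

def perform(token, operation):
    """Authorization is decided here, on the server, for every request."""
    session = sessions.get(token)
    if session is None:
        return "not authenticated"
    if operation not in PERMISSIONS.get(session[1], set()):
        return "operation not permitted"
    return f"{operation}: ok"

add_user("alice", "correct horse", "admin")   # constructed sample accounts
add_user("bob", "battery staple", "clerk")
```

The Qt client would call `login` and `perform` over an encrypted channel such as TLS and only ever hold the session token.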