I am trying to find a solution through which I could implement user authentication (login / password) within HTML5 and without using any server language or database.
Is it even possible or I am just being crazy?
Thanks.
You would have to store every user's login and password in a database and use PHP to access it. This is assuming you're storing many users' information and if one wants to login it matches the entered password/login with the onea in the database when they created an account.
Related
I have created a database with two tables on my phpMyAdmin account, and I'm using 000webhost for a web hosting. Once I logged out of my account, and re logged in, everything was deleted. Does anyone know how I can save the database I have re added? thanks so much
Normally a database would persist across login sessions. The only possible exception would be if you log in as different users (which could be different usernames or if you use fine-grained IP-based access controls, for instance, two different users both with username natasha, one host 192.0.2.1 and another with host 192.0.2.50). If those users don't have full access, they might not be able to see the database owned by the other user.
Other than that, I can't think of any reason your data wouldn't persist and suggest you contact your hosting provider's support for further assistance.
I am very sorry if this has been answered before, but I have searched for 2 days and cannot find the answer. I have 2 databases and I need to import users from the current database to a new one. The new database is for a chat system that has recently bee installed and I would like all users to be added to it.
So I thought I would simply manually add the users in the new database using information from phpmyadmin. But the encryption for the password is a different format and will not work.
For example in the first database the encryption is:
z70I9QINffX2Hh7FxQ==
In the second database the format is:
3eb5c61f784aa3c2e11d879382387d420f7c4ebf
Neither seem to be MD5 and I can't find out which type it is.
I know this is a stretch but does anyone know of a way to detect the type of encryption and how I can take a password, such as 'password' and encrypt it using the correct encryption type?
Thank you
You could try using a generic password for the root user, or logging into mysql as the root user & creating another user manually. Not sure what kind of access you have, but that's been the best bet in my experience.
Hope it helps.
The password encryption mechanism would be stored in the application's code. The 1st example looks like Base64 but can't be sure without comparing others. The 2nd example appears to be SHA1/MySQL5 Sha1(Sha1(pass)).
You're going to have to research the apps that are using these databases and to determine how it's creating and storing these account passwords in the database. Either way, you are trying to link 2-dbs that have different password mechanisms, that might require standardization of the passwords which might mean a password resets.
There is a harder way, you have a database of one-way hashed passwords. It will require a bit of focus in scripting... You would have to generate hashes for the cryptographic hashes used and compare to your users passwords to get the plaintext password. Then you recreate their accounts in the new DB using their passwords to create the new user with same credentials.
I am writing a multi-user-application in Delphi (Object Pascal).
I want to use either MySql, Oracle or PostgreSQL as database.
I have a table Users with a username and password column.
(I do not want to have seperate DB logins for each user)
Of course the application itself has to connect to the database and authorize users by the entered username and password combination.
Software like SAP, Sage or Social Networks would use the same approach, i would guess?
So the application has to know a DB login username and password to connect to the database and then check the Users table.
My question is:
Where do i save the DB login username and password for the application so it can check the Users table?
I do not want to hardcode it in the application as it can be easily accessed by reverse engineering and then used to directly connect to the database.
Honestly, your best approach is to follow best security practices around your server. You could use a salt, but the hash function will have to live on the server, too, and if a hacker has access to the server in the first place then it won't be long before they find the hash and pull the password.
I think efficient organization actually produces some security through obscurity. That is, put the DB connect credentials and string in a config file. Still, access to the application code will give a hacker the clues to get what they want, but it doesn't mean you shouldn't follow best coding practices.
Then, lock down your box. Work with your security team to make sure it isn't accessible by anyone they don't want accessing it.
Im looking for a way to encrypt a mysql DB so that only a logged in user can access their data, any other user will not be able to access the data, even if they are the system admin and are able to download the .sql file and browse it locally.
Is there a way to implement this ?
Background / Why I would want to do this - Someone was talking to me the other day about creating a web application for use in their industry, they wanted to produce the web app, use it in house, but also offer it to other companies in their industry as a SaaS platform, as a point of trust they wanted to setup their DB so that they could not access the data of what would be their users (which may also happen to be their competitors)
If each user/account holder has to provide a cryptographic key at login, which is stored in the session (not the database) then all their data could be encrypted (hashed) so that anyone with admin access would look at the tables and not see data.
There's no way to guarantee that the administrator, already having database access, couldn't get webserver access and intercept the key, however.
I'm a beginner in Web Designing. I have an application which requires login. After i login on every next page i want to use the user's username for storing and retrieving data from mysql database. How to do this? Please help me out!
First: You have to learn about JAAS:
really complete and technical http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html
In fact it depends of your application server and the login module you want to use for login (tomcat; glassfish; kerberos; database ...)
Second: Think also to reuse cloud authentication like OpenID Connect and provider like Google, Yahoo!
Third: At the end you will found information in the Principal see What is the meaning of Subject vs. User vs. Principal in a Security Context?