Login Function



  • Hello Everyone,

    I want to implement login function in my application. My idea is to store the username and password in a text document in encoded form and use it as a database. Is it possible to di it. One more thing is that i want to give access to administrator only to create username and password for a new user.
    How can i do it. Please help.
    Thanks in advance


  • Moderators

    @rockon209 What is the use case? Why do you need user management in your app?
    I mean, different users of your app will log-in on the machine with their username/password /Windows user, Linux user).

    "encoded form" - do you mean encrypted?



  • I dont want all the user to have full access to my application. Yes encoded means i mean to say encrypted


  • Moderators

    @rockon209 Then it probably would be easier to have different versions of your application. Each user gets the version containing the functionality he/she should have. The activated feature set could depend on the key each user gets.



  • @rockon209 said in Login Function:

    I want to implement login function in my application. My idea is to store the username and password in a text document in encoded form and use it as a database. Is it possible to di it.

    Yes of course, Qt-comes with its own file-handle sytsem QFile you can do it that way or I would suggest looking into QSettings that should make it a bit easier for your purpose.

    Keep in mind, the text file as well as QSettings can easily be found and read by outsiders. It is incredibly difficult to make this as secure as possible.
    For the time being I suggest you look into SimpleCrypt as a beginners guide.

    One more thing is that i want to give access to administrator only to create username and password for a new user.
    How can i do it. Please help.

    You simply check if the user logged in with admin-rights, if not you block your write functions.
    But it is totally up to you, how you realize that.



  • Uses authentication:
    Store the username a salt and salted hash of the password (you can use QCryptographicHash with QCryptographicHash::Sha3_512 for this) and then compare the input (the hashing should be done server side) with the values stored (usually this is done in a SQL database). Once the user is authenticated it gets a token (a random string different every time for every user) that will be used to determine what the user can access.

    The problem is that you can't do this securely in a single application you'll need a server that can't be accessed by the user directly to do the auth. If an application can authenticate itself there will always be a way to crack it and convince the app to give admin rights regardless of what you input



  • @J-Hilk thanks for the reply

    @VRonin i dont want to make my application complex i will store the file in the local computer itself dont want to add server and all it will it way more complex. as i siad i just want to store the password and corresponding username in a file with encrypted format. i just cant think how i can loop with all the username and password which are store in the text file. is ther any way to go step by step in a loop and compare the user inputed password and the username and password which are stored in the file.



  • @rockon209 Please take at least 10 minutes to look at this: https://www.youtube.com/watch?v=8ZtInClXe1Q (spoiler alert, what you are trying to implement, using a single app, means there is a relatively easy way to read all the passwords you store and this is very bad)



  • @VRonin thanks for the info but for my application password security is not that important only it this i am using this login function to block the access for some functions of the application as some people are not familiar with the application and want to use just basic stuff, atlast administrator will have all the rights for the application.



  • @rockon209 said in Login Function:

    for my application password security is not that important

    Password security is of capital importance, always! remember that users tend to reuse their passwords so if you leak a password it might be used on someone's amazon account.

    I'd suggest you do not use user auth at all in your case. Stick with @jsulm 's advice

    @jsulm said in Login Function:

    Then it probably would be easier to have different versions of your application. Each user gets the version containing the functionality he/she should have.



  • okay thank you very much for the info.


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.