I have a web application with a SQL database backend. The database has a [UserAccounts] table that stores [Username], [PasswordHash], and [PasswordSalt]. The web application creates the hash and salt (and authenticates). That all works as it should. No problem.
I would like to integrate a 2nd, desktop application with the database. This application would run more like a service or a scheduled task. What I need to be able to do, is authenticate a Username and Password every time this application executes. Since it will be running as a scheduled task (without user intervention) I need to be able to store a Username and Password locally (in a XML or INI file perhaps) that can be authenticated with the Username and PasswordHash in the database.
What is the best way to securely store a Password so that it is not in plain text? Or is there another/better way to accomplish what I need to do?
The desktop application is written in VB.NET.
Thanks in advance!
Related
I need to do a login and user registration form without using a database. The ideia is getting it working just like a normal website login/registration form, but it only has to work locally (in my computer, without web). So what's the better way to do this? Thank you
Please Try using CSV or excel file
where one column can store the username and the other can store password
You could create a file settings, where you set your users and passwords.
Login form would work normally, into backend you have to ask to your settings files instead of database.
Is it possible that a website uses the models of another lavarel website to access the database, without the first website having the sql credentials hardcoded. But with the credentials to log into the second lavarel website hardcoded.
This way the first website doesn't have to have the sql credentials on it's ftp server, but can still access the databases through the other website (with their personal login of that website).
If that is impossible, I am wondering, is there a way to access a databases without having to hardcode the credentials anywhere.
UPDATE (the actual problem)
Only a part of the database should be visible to a particular user, so i can provide different users with different credentials and they all see something different in the database
What you are talking about is an API. So you'd build out the entire infrastructure on the first website, then on the second website, it would make some kind of calls to the first website to get back the information it needs, usually using some kind of credentials or access token.
This way, you can allow anyone in the world to communicate with your website, kind of like how Facebook, or Twitter does.
As far as accessing your database, you would need to tell your app somewhere the credentials to use, so technically, you do need to hardcode them somewhere as they can't just magically make up some credentials somehow to access a database.
if your different users are defined:
use laravel model/db event to replicate the data to a database by
user.
Or sync each database with a cron job..
These have benefits to avoid security transport problems.
I need a little guidance on what I can do with an FTP site I am creating.
Essentially the FTP is to provide data that end users have requested. Workflow is as follow:
User selects what data they want -> User's info (contact, requested data/formats, custom user and password string) stored in SQL table -> Email sent to FTP manager with unique ID of end user -> FTP Manager runs script using unique ID as input, generating the requested data -> Data stored in directory on FTP server and email sent to end user with credentials for obtaining data.
So far, everything up to the credentials part of my workflow is working. The FTP uses no authentication as of right now (because I'm not sure what needs to be done to do so).
My question is, is it possible for me to create IIS users to access the FTP site using the user/password string I create when the end user makes the request, that way I can use some authorization on the FTP site? Am I even approaching this in the correct manner? I'm no IIS/DB guru but I know enough to break something.
What I think I should do:
Set the authentication to use IISManagerAuth, and with magic create the IIS users based off of the credentials I create from the end user request (This is what I am going to try and do while you smart folk point and laugh at my lack of understanding and blindness of the inevitable).
Any guidance appreciated!
I need that in a Intranet application that is made with Play Framework 2, the credentials that the users have for authentication can also be used to authenticate to the database and that every statement sent to it also uses this credentials.
In other words, to each user of the application corresponds a database user and password.
Thanks in advance.
This means you won't be able to use the connection pool, and instead you will create a connection-per-request sort of, right? No built in support in play for this, but probably not very hard to do yourself.
The exact solution depends on how you will access your database (Slick, ANORM, something else?) but basically you will have to create some abstraction that takes auth and creates a database session that your database interacting code will use.
I am creating a new Silverlight 4 business application using RIA services. This will be using a SQL-Server 2005 DB. There is no AD setup so I am required to use SQL Server Authentication. The details that the user uses to login to the system will be used to hit the SQL Server.
E.g., if username="TestUser" and password="Password" is entered in the login screen of the application, these will be the credentials that will be used to access the DB.
I am wondering what the best way to do this will be? At this point the method of accessing the DB is undecided (EF or 'traditional' ADO.NET using stored procs).
I think current applications take the username and password entered into the login screen, use them to build a connection string and see if they can hit the DB using this, if it works they're in, if not they're declined.
I ended up going with EF and changing the AuthenticationServices Login() method to attempt to hit the database with the required username and password.
I wrote a blog post about how I Dynamically changed connection string for EF