Author Topic: Logging on and security (Read 2954 times)

Keith · « **on:** June 29, 2014, 04:05:47 PM »

The software that I have developed so far does not require a 'Login' but am now thinking about add-on functionality that could be charged for, and would require a log on to get access to extra goodies.

So, I am wondering about the process and would like some advice.

1. The process for granting a login. User pays a fee say through PayPal and I manually send a password and record them on my database. Could this process be automated?

2. Passwords and security. If, on the standard log in form a user enters user Id = John, Password = mydoghasfleas then isn't it the case that the id and password would be sent in text to the server and therefore would not be secure? Is the simplest way to obtain security here to use Secwin?

Thanks

Keith

Bruce · « **Reply #1 on:** June 29, 2014, 10:13:14 PM »

Hi Keith;

>> 1. The process for granting a login. User pays a fee say through PayPal and I manually send a password and record them on my database. Could this process be automated?

Any process can be automated given enough time, and skill.

>> 2. Passwords and security. If, on the standard log in form a user enters user Id = John, Password = mydoghasfleas then isn't it the case that the id and password would be sent in text to the server and therefore would not be secure?

correct - hence the use of SSL if this is not ideal. (In most cases, if you have a Login, then SSL should be desired.)

>> Is the simplest way to obtain security here to use Secwin?

It's not the simplest - see example 3 for the simplest - but it's probably the most comprehensive. (It might be overkill if this is a simple-login scenario though.)

cheers
Bruce

NetTalk Central

Author Topic: Logging on and security (Read 2954 times)

Keith

Logging on and security

Bruce

Re: Logging on and security