User Authentication / Database Security

Question

Hi there, I am trying to make a database using uGameDB but there are some things I'm uncertain about.

How would I go about creating an authentication system that is actually secure? I have some code for one written up but the password field I am uncertain about. I need to make sure that the game can read it, that the user can request their password back via email, and that human's can't read it from the database (i.e encrypted).

I can not find valid information on this that relates to what I'm doing, can anyone point me in the right direction?

Thanks

Answer 1

Answer by HappyMoo · Jan 19, 2014 at 07:21 PM

If you can send them the password back via email, that's the first point where you throw security out of the window...

see this: http://www.youtube.com/watch?v=8ZtInClXe1Q

Add comment · Show 4 · Share

Vire · Jan 19, 2014 at 07:35 PM 0

Share

Brain is a bit fried. I mean they need to be able to reset their password.

HappyMoo · Jan 19, 2014 at 07:41 PM 0

Share

well, then your server has to send them a secret (random number) to the original email they registered with, which they have to enter when resetting the password.

Vire · Jan 19, 2014 at 07:44 PM 0

Share

That would work, thanks for that idea. $$anonymous$$y main concern though is password encryption. Any ideas there? Cheers

HappyMoo · Jan 19, 2014 at 07:51 PM 0

Share

You've seen the video? No encryption, but salted hashes.

You hash the entered password on the client and send it to the server to check it

User Authentication / Database Security

1 Reply

Your answer

Follow this Question

Related Questions