
client/server authentication

 
John Astralidis
Ranch Hand
Posts: 33
Also, I want to post a new question but to keep it under this topic. If this is irrelevant, moderators, please move it to the appropriate forum.

For the client/server authentication (login/register) I want to implement the following scenario.

1. Client authenticates with the web-service using the user's personal username/password. The username and password are known to the user and are not related to the database login credentials in any way.
2. If authentication succeeds, the client makes a request to the web-service asking for some information from the database. For example, an inventory of products. The client's request is not a SQL query. It is a remote procedure call such as getInventoryList().
3. The web-service connects to the database and retrieves the requested information. The web-service is in charge of forming a secure SQL query based on the user's request.
4. The web-service sends the inventory list back to the client application.
5. The client displays the inventory list to the user.
In the entire process, the client application never connects directly to the database. The web-service receives a request from an authenticated user, processes the client's request for an inventory list, and only then executes a SQL query.

Where should the user credentials be stored? Perhaps in a config file (Java properties file) on the web-service platform? But what if we want to create new accounts to register new users?
Although, it's possible to hash these credentials and to send them over the network to the web-service hashed, in order to possibly improve security. Right?
 
John Astralidis
Ranch Hand
Posts: 33
Any help please?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
John Astralidis wrote: Also, I want to post a new question but to keep it under this topic.

Don't do that. As you can see, it usually results in neither question getting an answer.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
Why would you not store the credentials in the database?

For transport, use SSL to protect sensitive data. Passwords should always be one-way hashed for storage.
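
The storage advice above, as an added example that is not part of the original thread: registration stores a per-user random salt and a PBKDF2 hash instead of the password, and login re-derives and compares in constant time. The class name, the in-memory map standing in for a users table, the record format and the iteration count are assumptions; the password is expected to reach the web-service over SSL/TLS.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration; class, method and record-format names are hypothetical.
public class CredentialStore {
    private static final int ITERATIONS = 600_000; // assumed work factor; tune to your hardware
    private static final int SALT_BYTES = 16, KEY_BITS = 256;
    // Stand-in for a database table with columns (username, password_record).
    private final Map<String, String> users = new HashMap<>();
    private final SecureRandom rng = new SecureRandom();

    private static byte[] derive(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Registration: persist "iterations:salt:hash", never the password itself.
    public boolean register(String username, char[] password) throws Exception {
        if (users.containsKey(username)) return false; // account already exists
        byte[] salt = new byte[SALT_BYTES];
        rng.nextBytes(salt); // fresh salt per user, so equal passwords give different hashes
        String record = ITERATIONS + ":" + Base64.getEncoder().encodeToString(salt) + ":"
                + Base64.getEncoder().encodeToString(derive(password, salt, ITERATIONS));
        users.put(username, record);
        return true;
    }

    // Login: re-derive with the stored salt and iteration count, compare in constant time.
    public boolean verify(String username, char[] password) throws Exception {
        String record = users.get(username);
        if (record == null) return false; // unknown user
        String[] parts = record.split(":"); // Base64 never contains ':'
        byte[] salt = Base64.getDecoder().decode(parts[1]);
        byte[] expected = Base64.getDecoder().decode(parts[2]);
        byte[] actual = derive(password, salt, Integer.parseInt(parts[0]));
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        CredentialStore store = new CredentialStore();
        store.register("alice", "correct horse".toCharArray()); // constructed sample account
        System.out.println(store.verify("alice", "correct horse".toCharArray()));
        System.out.println(store.verify("alice", "wrong guess".toCharArray()));
    }
}
```

Storing the iteration count inside each record lets the work factor be raised later without invalidating existing accounts.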
 