Magnumwolf

Simple Login system


Hi,

I'm working on a small project at the moment and I'm considering creating a login system for it. I have no database experience, so I'm wondering if I can use something simple like XML to "hide" data.

My current idea is to allow usernames and passwords to be saved in a simple file format such as .txt and use XML binary serialization on the data.
The program would be written using either C# or Java.

My question is: How secure would this be?

Would it be easy for someone to convert the .txt file into readable text?
Would it be easy for someone to modify the client program to gain access to the serialization/deserialization code? (Assuming they don't have access to the development files)

If anyone could give any answers to these questions it would be greatly appreciated.
Thanks for your help
-Magnumwolf-

Tell us more about the project. Are the passwords important? Are they per-client, or do they provide access to a remote system? How are they used?

At the very least you should be storing hashed, salted passwords (unless, for some reason, you need access to the plaintext). You don't need databases for these.

There is no .txt format. It's just a file extension and such files are generally filled with printable characters. I don't know what you're suggesting, are you talking about hiding XML in a txt file and hoping no-one will notice?
Quote:

Would it be easy for someone to convert the .txt file into readable text?

Generally double clicking on it will do that (by opening notepad). If you've put lots of non-printable characters into the file, or use a funky encoding, or even simply compress it, that will keep out lots of casual hackers. It will be no obstacle to a determined, resourceful attacker.

Quote:

Would it be easy for someone to modify the client program to gain access to the serialization/deserialization code? (Assuming they don't have access to the development files)

In Java and C#, yes, very easy. This is why your security protocols should be secure even if the protocol is known. What you are describing is security through obscurity, which generally only works until someone who is technical enough begins to examine it.

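The salted, hashed storage recommended in the reply above, sketched in Java as an added example (not code posted by anyone in the thread). The class name, the `username:iterations:salt:hash` line layout, the sample account and the iteration count are assumptions, and usernames are assumed not to contain `:`.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example: each line of the user file holds a salt and a slow hash, never the password.
public class PasswordFile {
    private static final int ITERATIONS = 210_000; // assumed work factor; tune for your hardware

    private static byte[] pbkdf2(char[] password, byte[] salt, int iterations)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256); // 256-bit output
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    // Builds one line for the file: username:iterations:base64(salt):base64(hash)
    public static String createRecord(String user, char[] password)
            throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt for every account
        Base64.Encoder b64 = Base64.getEncoder();
        return user + ":" + ITERATIONS + ":" + b64.encodeToString(salt)
                + ":" + b64.encodeToString(pbkdf2(password, salt, ITERATIONS));
    }

    // Recomputes the hash from the stored salt and compares in constant time.
    public static boolean verify(String record, char[] attempt)
            throws GeneralSecurityException {
        String[] f = record.split(":");
        if (f.length != 4) return false; // malformed line
        byte[] salt = Base64.getDecoder().decode(f[2]);
        byte[] expected = Base64.getDecoder().decode(f[3]);
        byte[] actual = pbkdf2(attempt, salt, Integer.parseInt(f[1]));
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        String line = createRecord("alice", "correct horse".toCharArray()); // constructed sample account
        System.out.println(line);
        System.out.println(verify(line, "correct horse".toCharArray()));
        System.out.println(verify(line, "wrong guess".toCharArray()));
    }
}
```

Because the stored line reveals only the salt and the hash, the scheme does not depend on the file format or the client code staying hidden.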
Quote:

Quote:

Would it be easy for someone to modify the client program to gain access to the serialization/deserialization code? (Assuming they don't have access to the development files)

In Java and C#, yes, very easy. This is why your security protocols should be secure even if the protocol is known. What you are describing is security through obscurity, which generally only works until someone who is technical enough begins to examine it.


For C# there are obfuscators and I'm guessing Java has some too.
They can make it pretty hard to understand what's going on in your code.

What kind of application are you making?

If your application is accessed via a browser over HTTP for example, you'd use some kind of "sessions" system that comes with most web frameworks.

If this is a local application, don't bother with logins and just store data in C:\Documents and Settings\<User>\Application Data\<YourApp> (though you'd probably want to get the actual directory path with SHGetFolderPath and CSIDL_APPDATA, or some C#/.NET equivalent).

The operating system itself will stop users from seeing each other's data.
