How do I encrypt password in Construct 2?

Get help using Construct 2

Post » Tue Jul 26, 2016 12:19 pm

Hi guys,

@Saad-Swad describes the way for login and registration really well.
A similar tutorial already exists:
https://www.scirra.com/tutorials/525/simple-login-using-a-mysql-database
with the exception that the password is not encrypted. But for a simple server system this is also not strictly required, because if someone has already accessed the database, then you have other problems ...
For good programming, you would not use GET but rather POST methods. This is because a GET request is parsed into the URL (if the request is made via a <form> tag). If you now sent this link to your friend or someone else, the other person would have your login data unencrypted.
If you send the GET method via AJAX, you do not get a new parsed URL. GET is also processed a little faster than POST. I think that is why GET was used in the example.
If someone listens to the connection (like a "man-in-the-middle attack"), it does not matter whether the request is sent via GET or POST. For something like this, it is good not to call the variables for login data "PW" or "password" or similar. A hacker would look for those first. And use an SSL connection, as already said. But even this is not always safe against a "man-in-the-middle attack".

What really matters is,
Protect your server against harmful inputs!!!

And that's also pretty easy. Please read this tutorial:
http://www.w3schools.com/php/php_form_validation.asp

And
prevent the download of critical data (e.g. database)

You need encryption via JavaScript for storing the password locally (e.g. cookie, sessionStorage)
But it should be used with care!!! Passwords should never be stored ...


A top-secure server requires much more.
All data on the server has to be safe even if a person has access to the server data.
Then it begins:
-server cascade
-encrypted program code (to safe the decoding of your data)
-encrypted database (illogical data input)
-database cascade
-a combination of password and token (token=temporary password)
-person tracking (to be sure the logging user is really the registered user)
-attack logs (ban hackers from the server and identify attack strategies -> safe it)
... and everything one can think of

And very important:
Never think your server is secure!

... I hope my English was polite and understandable.

Post » Fri Jul 29, 2016 6:37 pm

@Whiteclaws, @Saad-Swad, @BillAlex, thanks for all! :D
Soon I'll think to implement it.
What are your final considerations?
Liked something I say?
Tip. My Bitcoin address: 1PLaeKmXQ8vEdGGJqXMq3KyB8hxeddxeSv

Post » Fri Jul 29, 2016 11:47 pm

Look into PHP https and SSL, Idk dude, maybe Let's Encrypt as a certificate authority

Learn SSL, Embrace SSL, Adore SSL

Post » Sat Jul 30, 2016 2:13 am

Whiteclaws wrote:Look into PHP https and SSL, Idk dude, maybe Let's Encrypt as a certificate authority

Learn SSL, Embrace SSL, Adore SSL


Using HTTPS in an ngrok tunnel isn't enough? Do I need to use my own SSL certificate?

Post » Sun Jul 31, 2016 4:05 pm

ngrok uses HTTPS, only with their own certificates. If you want to launch your own app, you'll need your own certificate.
Use whatever works best for you; as long as it implements TLS/SSL, you'll be fine.

Post » Sun Jul 31, 2016 10:37 pm

Saad Swad wrote:Hi,
to encode your password, you can use @kyatric plugin : https://www.scirra.com/tutorials/50/cb- ... algorithms


No, you have to use SSL. All that this does is make the hash the user's password.
https://www.ravenheart.ca/home
I don't check the forums much anymore, but I will receive an email for PMs.

"Someone once told me I bite off more than I can chew...

I told them I would rather choke on greatness than nibble on mediocrity."
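
An added example, not written by any poster in this thread: it shows why a hash computed in the client is simply the credential the server sees, and what the server still has to do with it (validate the input, store only a salted slow hash). Assumptions: SHA-256 stands in for the client-side hash plugin, a `Map` stands in for the database, scrypt is the server-side hash, and all function names are hypothetical.

```javascript
const nodeCrypto = require('crypto');

// What a client-side hash plugin produces before the request is sent
// (SHA-256 is an assumption made for this example).
function clientHash(password) {
  return nodeCrypto.createHash('sha256').update(password, 'utf8').digest('hex');
}

const users = new Map(); // stand-in for the users table

// Server-side input validation: accept only the expected shapes.
function validate(username, credential) {
  return typeof username === 'string' && /^[A-Za-z0-9_-]{3,32}$/.test(username) &&
         typeof credential === 'string' && /^[0-9a-f]{64}$/.test(credential);
}

// The server cannot tell a typed password from a copied digest, so it treats
// whatever arrives as the secret: per-user random salt plus scrypt.
function register(username, credential) {
  if (!validate(username, credential) || users.has(username)) return false;
  const salt = nodeCrypto.randomBytes(16);
  users.set(username, { salt, hash: nodeCrypto.scryptSync(credential, salt, 32) });
  return true;
}

function login(username, credential) {
  if (!validate(username, credential)) return false;
  const rec = users.get(username);
  if (!rec) return false;
  const candidate = nodeCrypto.scryptSync(credential, rec.salt, 32);
  return nodeCrypto.timingSafeEqual(candidate, rec.hash); // constant-time compare
}

// Constructed sample data.
const sent = clientHash('correct horse battery staple');
register('alice', sent);
console.log('valid digest accepted:', login('alice', sent));
console.log('wrong password rejected:', !login('alice', clientHash('wrong')));
console.log('malformed username rejected:', !login("alice' OR '1'='1", sent));
```

Because `login` only ever receives the digest, the digest needs the same protection in transit as a plaintext password would, which is what TLS provides.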