So I’m writing my first web application with Xojo; it’s more of an LVP/proof-of-concept, and if the idea takes off then I will definitely come back and rewrite the app to use a more robust database. Since this is my first time implementing login functionality, I was wondering if the community could give me feedback / practices on accomplishing something like this. So far my process looks like:
User fills out the signup form
The form is validated
Validated fields are then substituted into a SQL query that is then executed and committed
The values are inserted into a table called UserTable that contains all the information I would need to collect (name, zipcode, password, weight, everything)
Is there anything I can change to more effectively implement login functionality for my application NOW so that I’m not doing crazy rewrites later?
You should never store a password, nor transmit a password unencrypted. The password should be hashed using an algorithm like PBKDF2, Bcrypt, or Scrypt, and the result of that hash stored instead. When a user attempts to authenticate, you would hash the password they entered and compare it to what you have stored.
(This is the short version of that strategy. For better security, you’d implement something like Security Through Obesity, but that’s a more advanced discussion.)
FYI: any site that says it can recover your password should you forget it is NOT secure. Once you create a password, the only place that exact sequence of characters should exist is in your head…
…or in a secure password manager that you use so you don’t forget the 297 passwords you have (I just checked 1Password). And passwords should never be repeated (used on more than one site).
Good info above; my 2p to add: always use prepared statements when accessing your database, and treat ALL data as potentially compromised. Sanitise everything server side, and never rely on the client for correcting issues, as the unscrupulous will just work around it.
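The two pieces of advice in this thread (store only a salted PBKDF2 hash and compare it at login; bind user input with prepared statements instead of splicing it into SQL) as one added example. This is illustration code written for this thread in Python with an in-memory SQLite database, not Xojo code from the original poster or from the Xojo project; the table name UserTable is borrowed from the question, the column names, iteration count and sample users are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed tuning values: a fresh 16-byte random salt per user and a high
# PBKDF2-HMAC-SHA256 iteration count (raise it as your hardware allows).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return (salt, digest). Only the digest is ever stored, never the password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def create_schema(conn):
    conn.execute("CREATE TABLE IF NOT EXISTS UserTable "
                 "(username TEXT PRIMARY KEY, salt BLOB NOT NULL, pw_hash BLOB NOT NULL)")


def signup(conn, username, password):
    salt, digest = hash_password(password)
    # '?' placeholders: the driver binds the values, so they are never part of the SQL text.
    conn.execute("INSERT INTO UserTable (username, salt, pw_hash) VALUES (?, ?, ?)",
                 (username, salt, digest))
    conn.commit()


def login(conn, username, password):
    row = conn.execute("SELECT salt, pw_hash FROM UserTable WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        hash_password(password)  # burn the same time so timing does not reveal unknown users
        return False
    salt, stored = row
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def demo():
    """Constructed sample run: one user, then four login attempts."""
    conn = sqlite3.connect(":memory:")
    create_schema(conn)
    signup(conn, "alice", "correct horse battery staple")
    results = {
        "right": login(conn, "alice", "correct horse battery staple"),
        "wrong": login(conn, "alice", "password123"),
        "quoted": login(conn, "alice' OR '1'='1", "anything"),  # bound as a literal username
        "unknown": login(conn, "bob", "anything"),
    }
    conn.close()
    return results
```

The "quoted" case shows why binding matters: the odd-looking username is simply a string that matches no row, rather than something the database interprets.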