Looking around, it appears there are a number of 3rd party tools to authenticate users from a Xojo App.
However given that my app needs a database server I’m wondering if the database server is a good choice for something to authenticate against. (MySQL).
Using LDAP (AD) for MySQL authentication
Does this sound like a secure approach?
Is it a must-have that the authentication is linked to your active directory or would you be open to creating user accounts storing hashes of passwords in MySQL? The latter is quite simple.
It seemed easier than building a auth plugin.
I’m sure that AD / LDAP are more readily supported by MySQL. (But perhaps only for $ the professional edition)
So as the application must authenticate with the database server, why not just make that the point of authentication.
Am I missing something security wise?
I don’t know enough about security to recommend one solution over another confidently. We have methods of creating users, updating passwords and disabling users that are entirely written in Xojo and interact with data in a database on a server. Xojo has a decent amount of inborn cryptography functions and if that’s not enough, MBS has even more.
As far as interfacing with LDAP, @Norman Palardy has an old plugin he wrote which is apparently used in multiple production environments. Of course, another path is to write your own set of classes to interact with LDAP.
If it were up to me, it would depend on how robust your AD system is, how often users information is created, updated or deleted, your budget and your timeline.