ID:187405
Dec 17 2004, 4:28 pm
|
|
I don't know if this belongs here or not..but oh well. (It is a programming forum, and this is OFFTOPIC :P) What is your opinion on managing Users & User Passwords with Visual Basic and well..Databases. Like: What Database should I use, or should I even use a database(Perhaps there's an alternative?).
|
In response to Jon88
|
|
Well then, what should I use? Do you think I can set up a database online(As in, hosted, not on my computer), and have it connect to the database and find the username, then check the entry for a password, If txtPassword = the password in the database, Then Login = true, if txtUserName = "Lenox", Admin = 1?
|
In response to Lenox
|
|
Lenox wrote:
Well then, what should I use? Do you think I can set up a database online(As in, hosted, not on my computer), and have it connect to the database and find the username, then check the entry for a password, If txtPassword = the password in the database, Then Login = true, if txtUserName = "Lenox", Admin = 1? You could do that. You could also have a database on your own computer. Access isn't the best, and there are some things it can't do, but it works most of the time for small things. :) If you want to use a real SQL server, microsoft has a developer edition of theirs free for download. It's just limited to 10 connections at once. Also, if you don't know SQL(Structured Query Language), here's a site where you can learn it: http://www.w3schools.com/sql/default.asp |
In response to Jon88
|
|
Well, I tried MySQL, but it REALLY dislikes me. Anyone know of free database hosting? :P
|
In response to Lenox
|
|
MySQL is easy to setup and use with phpMyAdmin. A program cannot dislike someone, a computer cannot dislike someone. It's the user. The only way a computer can function is if there is a user to run it.
However, to solve your situation. I can provide a database for you if you want. |
In response to Kaga-Kami
|
|
Kaga-Kami wrote:
MySQL is easy to setup and use with phpMyAdmin. A program cannot dislike someone, a computer cannot dislike someone. It's the user. The only way a computer can function is if there is a user to run it. Would you be as so kind as to? :P. I just need it for this proggy I am making, I'm trying to use it to hold UserNames and Passwords. |
In response to Lenox
|
|
You can use cookies to do that. :D
But yeah, if you need it. Page me: Kagayaku Kami |
For security, it's a good idea to hash the passwords so that they're not viewable in the database.
A good hash is more secure than plain-text because (A) the plain-text is obscured, and (B) it's a one-way operation; you can't go from a hash to the password that generated it (at least, not in theory). So what you do is hash the password when you put it into the database, and then use the same method to hash the password that someone enters. If the hashed passwords match, they entered the correct password; if not, they didn't. I don't think VB has any built-in hashing algorithms, but you can probably find some kind of library or DLL that can provide them. |
In response to Crispy
|
|
How do you pronounce MySQL?
|
In response to Crispy
|
|
Crispy wrote:
I don't think VB has any built-in hashing algorithms, but you can probably find some kind of library or DLL that can provide them. There are freely available components and code for VB that provide hash functions like MD5. If it's VB.NET, it comes with its own security-related stuff like that. |
In response to Crispy
|
|
I would rather not let anyone see the front page at all, i use my servers ability to lock up my MySQL and then just use root for phpMyAdmin.
It may not be the safest way, but i prefer it over using phpMyAdmins user & pass system. |
In response to Elation
|
|
I just pronounce it My Squeal. But most just say My S-Q-L
|
In response to Kaga-Kami
|
|
Kaga-Kami wrote:
I just pronounce it My Squeal. But most just say My S-Q-L My Sequel! Some people actually pronounce it like that. |
In response to Jon88
|
|
Jon88 wrote:
Kaga-Kami wrote: i've never heard MySQL called My Sequel, but I have heard that MSSQL Server is often referred to as 'Sequel Server'. |
There's no real good alternative to using databases. I suppose you could use text files if you wanted. You need a file of some kind, or else you'll never be able to change/add users and passwords easily.
Concerning databases... thou shalt not use Microsoft Access, or thou shalt be smoten! :P
/me gets smoten :)
Just remember that VB is very insecure/crackable. Depending on what you're doing, VB might not be the best choice(unless you're talking about web applications with VB, where the code sits safely on the sever).
Also, if you do end up using databases, make sure to validate all user input that can be passed to a database query.