client server application

Question

0.00/5 (No votes)

See more:

<pre lang="text">

i have two windows form app one of them server and the other client , the client have a screen that lets the user enter the username and pass. the problem is how to send user name and password to the server that is connected to a database , and return the result of the operation to client . i am programminghttp://www.codeproject.com/Questions/ask.aspx# using c#.net any advice

Posted 8-Dec-13 10:30am

Member 10304968

Add a Solution

3 solutions

Solution 3

Try out Integra Client/Server API at http://oelsoft.com

Posted 10-Dec-13 0:57am

smadev

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Accepted Answer · 2013-12-08T12:37:00

Solution 2

Basically, you need connection and communication based on TCP, which is the lowest level you need. It can be done on one of several different levels of networking, remoting or WCF.
Please see my overview of these approaches in my past solutions:
how i can send byte[] to other pc[^],
Communication b/w two Windows applications on LAN.[^].

—SA

Posted 8-Dec-13 12:37pm

Sergey Alexandrovich Kryukov

Comments

Member 10304968 9-Dec-13 18:01pm

thank u i have used two sockets, and i separated between the username and password with a special char , and used the socket.send() , socket.receive() methods

gggustafson · Accepted Answer · 2013-12-08T11:15:00

Solution 1

In Win Forms, the client is connected to the server (and vice-versa) using the WinSock API. It is a relatively straight forward process. MSDN's documentation, Running the Winsock Client and Server Code Sample[^], should help.

By the way, you should perform encryption on the data being passed between the client and the server. There are a number of ways to accomplish this but you must insure that the password passed between client and server is encrypted and that the password that is stored in the database is protected.

Posted 8-Dec-13 11:15am

gggustafson

Comments

Sergey Alexandrovich Kryukov 8-Dec-13 22:33pm

The idea of "storing" а password in a database is really, really bad. In any systems not illiterate from the security standpoint, passwords (in a literate meaning of this word) are never stored, this is absolutely not needed for authentication. Instead, their cryptographic hash function is stored, and hash is compared with hash. And hash is not "encryption" at all. The idea of using "encryption" is also a very dangerous one, because, unlike the hash, everything encrypted can be decrypted. Remember the actual password should be kept secret even from all of the administrators, regardless the access privileges.

Maybe you did not mean literately "encryption", I don't know. If you mean hash or something combined with hash, it could be fine (I don't know why doing so, but...). Could you honestly tell us, did you know about it, or you really meant "encryption" and storing passwords...

By the way, this is not enough, and HTTPS (or its equivalent) should be used for perfect security, which is a separate topic...

—SA

gggustafson 9-Dec-13 8:53am

You are putting words in my mouth. I take umbrage at that.

I stated that transmission from client to server should be encrypted. Do you disagree?

I stated that the password in the database must be protected. Do you disagree?

I never discussed hashes. Because the OP appears to be relatively new at this topic, I just warned that certain security measures be taken. If discussions of how to use hashing algorithms and salting are needed, a web search will return what OP requires.

Sergey Alexandrovich Kryukov 9-Dec-13 10:08am

Sorry if I put words in your mouth. I tried to mention that I am not certain that you mean exactly this ("I don't know"). But here is the thing: if I put some words in you mouth because I misunderstood you, anyone else could misunderstand you in the same way. What I try to point out is a very common mistake, a really big one.

It is very easy to think that "password passed between client and server is encrypted" means encryption of passwords and not hashing it.

It is very easy to think that "the password that is stored" means that you advise to store password. And a password should never ever stored. (Do you disagree?)

And now, you are changing the topic to some other fragments of your text, much less questionable, and ask me "Do you disagree?". You still go away from the real big issue. And now: you can avoid discussing hashing, but you cannot do it when you mention password encryption. Nobody pulled these words out of you mouse...

From your objection, I still cannot see that you really understand the security issue related to the password use.

—SA

gggustafson 9-Dec-13 10:15am

Don't you read?

Sergey Alexandrovich Kryukov 9-Dec-13 10:25am

Sorry, I don't understand. Which part you think I did not read?
—SA

Member 10304968 9-Dec-13 18:03pm

can you send to me some links about how to secure my system

gggustafson 9-Dec-13 21:45pm

1. The connection between the client and the server must be HTTPS. Google HTTPS to find out how to use it.

2. The password generation should follow the rules of "Salted Password Hashing - Doing it Right" (https://crackstation.net/hashing-security.htm). It is a long read but well worth it.

3. If you need further help - gggustafson@gmail.com