Question about user interaction: login and password handling

Question

0.00/5 (No votes)

See more:

I'm new in login dialog design.
I wonder what should I do if the password file missing. Just simply tell the user something wrong occurs?
Puzzled...
I want to know where should the password file save to so the user(or someone who wanna delete it in illegal way) can not easily delete it. Or is there any other way no need password file?
And, if the password file is missing, what should I do?
This is an independent app about diary runs on Windows.
Thanks advance! :)

Posted 5-May-10 21:23pm

Just_Fancy

Updated 5-May-10 22:23pm

v5

Add a Solution

Comments

Michel Godfroid 6-May-10 4:06am

Using password files is usually a bad idea. What kind of application is this and on what platform?

5 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Arun Parthasarathy · Answer 1 · 2011-09-08T21:14:00

Solution 4

Its always better and a more secured way to save the passwords in the database.
Not directly as such, that too on encrypting and saving it.
Only on decrypting it, u can able to see the original pwd.

since you mentioned you gona save password in file. i advice you to save that file as a blob in the db.
Hence there is no chance of deleting this file.
BLOB (Binary Large OBject) is better way of saving files in db.

you can delete this record too from db.
you can avoid this by having the db admin rights with the responsible people.

Posted 8-Sep-11 21:14pm

Arun Parthasarathy

Comments

nonson black 9-Sep-11 6:53am

i think c++ does not supprt any databases ... I think m not sure.. but yeah if possible this would be the best approach .

Arun Parthasarathy 9-Sep-11 6:59am

hey man!

C++ is a server side programming!
you can do safe and best programming practices!
you hav db classes like CDatabase etc. To perform these actions!
not only you need sql servers to save info. you may also use mdb files.

Please hav a try. you really feel good! your application will be stable.

nonson black 9-Sep-11 8:05am

thanx a ton for the info .

Michel Godfroid · Answer 2 · 2010-05-05T23:11:00

Solution 2

You should not use passwords: just save any data under the users home directory. Windows security will take care of securing that data, and making it private.

Posted 5-May-10 23:11pm

Michel Godfroid

nonson black · Answer 3 · 2011-09-09T00:56:00

hey there can be different approaches to this.....

you can use a function that is there in i think stdio.h
its system("DOS COMMAND ")you can use this to change directry n save your file somewere out of the reach of the user .

i think you would be using a check whether a file is available or not
you can tell the user that the file has been tampered by external sources .. or something like that ...

As much as i know you cannot use the windows's hidden etc attributes via a dos based program .. but if there is a way that would be a quite good approach

Satheesh1546 · Answer 4 · 2011-11-27T16:45:00

Solution 7

Hi,

It is good to have password stored in a database. You can use some encryption methods to encrypt it and store it to database.While retrieving you can use the same method to decrypt the password.

Posted 27-Nov-11 16:45pm

Satheesh1546

Mohibur Rashid · Answer 5 · 2011-11-27T17:46:00

If it is a server that does not depends on any database server then why need to install database server?

1. Use Encryption. MD5 is the best choice. You can store formatted data into file to create multiple user.
2. If for some reason Password file got missing, user does not need to know that, that would be noticeable only by administrator.

And Remember Physical security is the primary security for any System. You can reset Linux master password if you can get the linux system in your hand