I am designing an application in Java and it requires networking and for that I am using a framework called Kryonet, now I've been able to learn how to send packets and connect, etc, but I'm still not sure how I would handle logging in. The user would need to send their credentials for validation, how would this be done securely? After the server receives it, it would hash and salt it and check it against what is stored in the user database, would it be better to hash and salt it before sending it or is there a better way?
Haroon_4 0 Newbie Poster
rproffitt 2,662 "Nothing to see here." Moderator
I think I want to ask you why do all that if you are on a https connection. Yes, we know that certain governments have cracked https but for the rest of us it's good enough. Unless you want to launch yet another https "is it secure" discussion.
Maybe you are overthinking this?
Haroon_4 0 Newbie Poster
So what your saying it is already secure? I was thinking what if someone was able to intercept the login packet when I was sending it from the client and read the data in there before it reaches the server and stored securely.
rproffitt 2,662 "Nothing to see here." Moderator
OK, I'll ask you directly. Are you using https or not?
I think the secure http discussion ship sailed a few years back but I guess we can go over that again.
jwenting 1,889 duckman Team Colleague
Correct. If you're not already running on an HTTPS (or FTPS or SSH) connection where the encyption is handled for you, don't even bother trying to implement anything yourself because you've failed already.
And if you do, you've covered all your bases, any risks are now procedural rather than technical (though you could add some extra security by requiring client side SSL certificates to be shared with the server).
jwenting 1,889 duckman Team Colleague
Correct. If you're not already running on an HTTPS (or FTPS or SSH) connection where the encyption is handled for you, don't even bother trying to implement anything yourself because you've failed already.
And if you do, you've covered all your bases, any risks are now procedural rather than technical (though you could add some extra security by requiring client side SSL certificates to be shared with the server).
rproffitt commented: Now in stereo. +11
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.