Suggestions on creating a user authentication system.
-
Yes, I do know about Qt Cloud Services. A while ago I did some tests with that too, and also tried uploading my server to a MAR instance but failed during compilation.
Wouldn't I still need to develop the login system though?
They offer the space and database for me to use, but I believe it is up to me to actually implement what I want in one of the languages they support.
EDIT
I did a simple test with QCryptographicHash using
QByteArray result = hash1->hash(myPass.toLatin1(), QCryptographicHash::Sha3_512);
I have no idea if SHA3 is good enough to depend upon though.
My other alternative would be using bcrypt.
That I do know is quite a secure algorithm.
And of course I would have to modify the server to use SSL, right?
EDIT2
I also did some tests with bcrypt and it seems to be working fine.
Before I continue implementing this, just to be sure, what I am supposed to do is:
get the user's password (through a secure connection),
read that value in my server,
hash it, and compare it with the value on my database,
and I'm done.
-
It's rather: establish a secure connection to your server. That's simple: make it only accept https connections. Then you need to send the credentials from your client to your server and do the checks.
-
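The "hash it and compare it with the value on my database" step from the list above, as an added example that is not code from any poster in this thread. It is written in Python so it runs with the standard library only; PBKDF2-HMAC-SHA512 stands in for the bcrypt mentioned above, and `make_record`, `verify_login`, `USERS` and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA512 (standard library) stands in for bcrypt here.
# A bare fast hash such as a single SHA3-512 call is cheap to brute-force offline.
ITERATIONS = 210_000  # assumed work factor; tune it to your server hardware

# Constructed dummy record so that unknown usernames cost the same work as real ones.
_DUMMY = (b"\x00" * 16, b"\x00" * 64)


def make_record(password):
    """Registration: return (salt, derived_key) to store instead of the password."""
    salt = os.urandom(16)  # fresh random salt per user
    # UTF-8 keeps every character; a Latin-1 conversion (toLatin1() in the
    # thread's snippet) would lose characters outside Latin-1.
    key = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_login(db, username, password):
    """Login: re-derive with the stored salt, then compare in constant time."""
    salt, stored = db.get(username, _DUMMY)
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS)
    matches = hmac.compare_digest(candidate, stored)  # no early exit on mismatch
    return matches and username in db


# Constructed sample "database": username -> (salt, derived_key)
USERS = {"alice": make_record("correct horse battery staple")}

if __name__ == "__main__":
    print(verify_login(USERS, "alice", "correct horse battery staple"))
    print(verify_login(USERS, "alice", "wrong password"))
    print(verify_login(USERS, "mallory", "anything"))
```

The password itself only ever crosses the TLS connection; the database holds the salt and the derived key.
-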
I guess you are right, establishing a secure connection is very important, but
I originally did my server only using http, following the various Qt examples. So now I found it hard to make it use https.
Qt's example on a secure connection did not help me very much because my server's architecture is a little bit different and that example is not... flexible to change I would say.
Someone here in the forums recommended this, from which I learned a great deal of things but it is using simple http, as most of the servers I have seen in Qt.
-
For the connection encryption setup, see QSslSocket
-
How are you creating it?
-
I have a 'Listener' class that is subclassing QTcpServer
class Listener : public QTcpServer { ...
It is using a worker
class NewConnectionHandler : public QThread { ...
In this worker class I provide a socket for the server to use in each new connection
moveToThread(this);
QFile certFile(QStringLiteral("./certificate/testC.cer"));
QFile keyFile(QStringLiteral("./certificate/testR.pem"));
certFile.open(QIODevice::ReadOnly);
keyFile.open(QIODevice::ReadOnly);
QSslCertificate certificate(&certFile, QSsl::Pem);
QSslKey sslKey(&keyFile, QSsl::Rsa, QSsl::Pem);
certFile.close();
keyFile.close();
sslSocket.moveToThread(this);
sslSocket.setLocalCertificate(certificate);
sslSocket.setPrivateKey(sslKey);
sslSocket.setProtocol(QSsl::TlsV1SslV3);
sslSocket.startServerEncryption();
connect(&sslSocket, SIGNAL(readyRead()), SLOT(read()));
connect(&sslSocket, SIGNAL(disconnected()), SLOT(disconnected()));
connect(&readTimer, SIGNAL(timeout()), SLOT(readTimeout()));
this->start();
This is pretty much what I am trying to do. The server is heavily based on the one in the link I provided, and the one from VoidRealm's YouTube video.
-
On what is the first moveToThread called?
-
I use moveToThread for the ConnectionHandler class (class NewConnectionHandler) that takes care of creating a socket in the manner described above. I then return it to my listener class. It works for a TcpSocket, but if I try to alter it like above then it stops working.
-
If you really want to use multithreading then have a look at the Threaded Fortune Server example