How to store password and assign administrators?

D

DarkByte20152016-05-06 10:52:17

Algorithms

DarkByte2015, 2016-05-06 10:52:17

I am writing a simple chat with registration. I implemented it so that the client will be the server at the same time. Those. on the client there is a button "Start the server". He starts it, and then registers and logs in as a normal user. But I want more admins. But who will add them? I came up with the following move: on the client, you can press a secret key combination, after which a window pops up with entering a pin code, which is sent to the server and compared there, after which, if the pin code is correct, the user is granted administrator privileges and at the same time super-administrator. Those. administrator who can appoint other administrators. But the super-administrator rights flag is not entered into the database (unlike the regular administrator rights flag), but is issued only for one session. I don't know if this algorithm is correct. (if you have any better ideas I'll be happy to hear) The question is how to store this super-administrator's pin code on the server? So far, I just sewed it into the program as a constant. Xs, too, how correct it is ... Plus, I transfer and compare all passwords in the form of MD5 hashes.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexey Lebedev, 2016-05-06
@swanrnd

Since the client is a server, then everyone can find out which pin.
The best option:
When installing the client-server, set a pin code. You can encrypt however you want.
The option is worse:
Encrypt everything with tough algorithms, which, for example, takes 10 seconds and the pin is more difficult.