Security system?

Good afternoon people.
A while ago I came here asking about connecting directly to a database. Today I was reading the post again and I realized that I was not at all clear about what I was looking for.
So I came here to re-formulate my question and mainly ask more in detail.

So, I’m trying to make a login system that a person has to pass to enter the application, since I’m trying to suspend some access after some time. There is no need to register in the application; I can create the user and password in the database myself. The application would only need to confirm that the login and password actually exist in the database and are correct, and if everything is correct the application will let the person use it normally. Can anyone give me an idea of how I can do this? Thanks for all the help :)

I’m still unclear, let me ask some questions:

  1. Is this app connecting to an external database (not on device)?
  • If YES or NO, what save format? MySQL, SQLite, …
  • If NO, will the database be packaged with the app when you build and distribute it, or will it be downloaded to the device?
  2. When you say log in, will the user be creating a new account or logging in to an existing account?
  • If logging into an existing account, how did it get created?

I may have more questions after you answer these.

It is hard to make a local DB secure so go with an external MySQL solution.  Simply collect a username and password in your Corona App and send that to your external server via an https network request.  

Personally, I would hash the password and compare hashes rather than plain text.

Sorry for the delay; at the end of the year it was difficult to appear here.

The application is not making any connections; I have not started to develop this in it yet. Think of it as starting a new application where the intention is just to log in to an existing account. What I want to do is practically this:

  Start a new application, develop in it a method for the user to only log into an account, and after the user logs in, the application continues normally.

About where the account will be created: it can be directly in the database or by any other method. I am looking for the simplest method possible.

 

It is hard to make a local DB secure so go with an external MySQL solution.  Simply collect a username and password in your Corona App and send that to your external server via an https network request.  

 

Personally, I would hash the password and compare hashes rather than plain text.

Yeah … Well, I really don’t know how to do this. I’ve never developed any database, so I’m so confused by this that I don’t know how to start.

I’m still confused.

  1. When you say log into an account, do you mean log into a database on some server on the WWW?

I think the answer is, "No."

If the answer is, “Yes”.

  1. I think your expectations may be a bit high for help on this.  While many of us are ‘Renaissance Men/Women’, Polymaths, “Jacks of Many Trades”, you may still not get an answer here.  

Also, my sense is to answer this would be a significant amount of work requiring a lot of demo code for Corona, PHP, MySQL, et al.

  • You may be better served making a specification explicitly stating what you need and how you want to use it, then posting a job on the Jobs forum. 
  • Alternately, you may want to add a team member to your team who is a Web/DB guru.

If the answer is, “No”.

  1. I don’t see why you need a database at all. Just use a JSON encoded table.  That would be much simpler to deal with and just as easily made (semi-) secure.  Also, it would be much faster to use.  Accessing a local DB is 100x slower than a table in memory.

Regardless you need to clearly list out how you’re using this and what you intend to do with it as well as provide clear sample use cases.  Otherwise helping will be pretty hard.

I want to jump into this.

  1. Accounts have to be created. At some point, you have to have a form to create said login (or use Facebook or Google to get a login).  If you’re going to have a hard-coded account and force the user into logging in to it, then you’re going to have to make that account public, which kills the whole reason for having a login.  Apps are very easy to hack, and leaving un-encoded account credentials is just about as secure as making the credentials public.

  2. If you use Facebook/Google you’re going to have to do some networking. If your user is going to have unique verified login credentials then you are going to need an online service to create and validate the logins. You don’t want to trust the app to do this.

If you’re just making the user put in a username/password as some form of fake security, you’re just going to limit your app’s usage.

Rob
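
The server-side check that the replies above describe (credentials sent over HTTPS, hashes compared by an online service rather than by the app), together with the time-limited access asked for in the original question, as an added example in Python; it is not code from any poster or from Corona. The in-memory SQLite table stands in for the external MySQL database, and the table layout, function names and PBKDF2 work factor are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3
import time

DAY = 86400
ITERATIONS = 600_000  # PBKDF2 work factor (assumed value)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def open_db():
    # In-memory SQLite stands in for the external MySQL database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, salt BLOB,"
               " pw_hash BLOB, expires_at INTEGER, disabled INTEGER)")
    return db


def create_account(db, username, password, valid_days, now=None):
    """Run by the developer on the server; the app has no sign-up form."""
    now = int(time.time()) if now is None else now
    salt = os.urandom(16)
    db.execute("INSERT INTO accounts VALUES (?, ?, ?, ?, 0)",
               (username, salt, hash_password(password, salt), now + valid_days * DAY))


def revoke(db, username):
    db.execute("UPDATE accounts SET disabled = 1 WHERE username = ?", (username,))


def check_login(db, username, password, now=None):
    """Return 'ok', 'denied' or 'expired', judged by the server clock only."""
    now = int(time.time()) if now is None else now
    row = db.execute("SELECT salt, pw_hash, expires_at, disabled FROM accounts"
                     " WHERE username = ?", (username,)).fetchone()
    if row is None:
        hash_password(password, b"\0" * 16)  # same cost as a known user
        return "denied"
    salt, pw_hash, expires_at, disabled = row
    if not hmac.compare_digest(hash_password(password, salt), pw_hash):
        return "denied"
    if disabled or now >= expires_at:
        return "expired"
    return "ok"
```

Because expiry and revocation are decided from the server's clock and the server's table, changing the date on the phone has no effect on the result.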

The answer is really “No”.

But after X days, I need to block the user’s access so he cannot use any function in the app … Can I do this using JSON?

What I need exactly is to limit the use of my application after X days. What I need EXACTLY to do is: deliver the application to someone I do not trust and who needs it, and after a few days they no longer have access to the application. I thought about this method of login because I think it is the safest … I had already thought about blocking the application according to the date, but the user can easily change the date of the phone and stay in an infinite click, so I thought of using only 1 login, and after the day I want I cancel the account that the person is using …

Use something like https://timezonedb.com/api to return the real date and use that to enable/disable features.

Yes - You can store info about when the user first started using the app in a JSON encoded table or even a text file, then if the user doesn’t pay for a feature within the trial time, you can disable it.

You can easily make these files hard to manipulate (by the user).

For example, SSK2 comes with obfuscated table saves and loads:

See docs (linked above) and full example:

https://roaminggamer.github.io/RGDocs/pages/SSK2/libraries/persist/#complete-persist-example

I encrypt and hash tables with AES-256 - it’s literally one line of code… OK, 2 if you count declaring the MD5 hash.

File size does grow but this is an acceptable trade off.
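
The local trial file discussed in the last few replies (first-use date stored as JSON, made hard to edit, with the date-change problem from earlier in the thread), as an added example written in Python for illustration rather than in Corona's Lua; it is not SSK2's code or any poster's. It uses an HMAC-SHA256 tag instead of the AES/MD5 combination mentioned above, and the record fields, function names and 14-day length are assumptions. The key has to ship inside the app, so this only raises the effort needed to tamper.

```python
import hashlib
import hmac
import json

TRIAL_DAYS = 14  # assumed trial length
DAY = 86400


def _tag(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def seal(key, record):
    """Serialise the record and attach an HMAC tag over the exact bytes."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return json.dumps({"body": body, "tag": _tag(key, body)})


def unseal(key, blob):
    """Return the record, or None if the file was edited or is malformed."""
    try:
        outer = json.loads(blob)
        body, tag = outer["body"], outer["tag"]
        if not hmac.compare_digest(_tag(key, body), str(tag)):
            return None
        return json.loads(body)
    except (ValueError, KeyError, TypeError, AttributeError):
        return None


def trial_status(key, blob, now):
    """Return (status, blob_to_save). `now` is network time when available,
    otherwise the device clock; last_seen catches a clock set backwards."""
    if blob is None:  # first launch: start the trial
        return "active", seal(key, {"first_run": now, "last_seen": now})
    rec = unseal(key, blob)
    if rec is None:
        return "tampered", blob
    if now < rec["last_seen"]:
        return "clock_rollback", blob
    rec["last_seen"] = now
    expired = now - rec["first_run"] >= TRIAL_DAYS * DAY
    return ("expired" if expired else "active"), seal(key, rec)
```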

Really, thank you very much to everyone who responded, each one of you contributed so that I could get to a final result =) Thank you !!
