
I'm working on a desktop application which has a login system. It's written in C++. When it is started, it asks for a username and a password, then connects to the MySQL database and verifies the entered data. Currently the server's password is hardcoded into the application's executable. I know that this is a bad practice, so I would ask your opinion about solving this issue. Should I store the server's password encrypted and decrypt it every time a database connection is required, or is there a cleverer way to do it?

Clarification:

I have a MySQL database with user "root" and password "root". I create a connection to database with that username and password. But when the user wants to log in he enters his username and password which has nothing to do with the root username of the database. That username and password is stored in a table created by me.

Szőke Szabolcs

3 Answers


Essentially there is no foolproof way to do it, a determined user could find a way to find out the password. There are ways to try and make it harder e.g. obfuscation, etc. which you can see in this similar question.

DormeoES
  • [Here](http://thatextramile.be/blog/2012/01/stop-storing-passwords-already) is an interesting article, it provides some ways to protect your data in case of being compromised. – DormeoES Jul 28 '14 at 05:22

You can use md5 for encrypting the password. It is one-way encryption. If you want to check if the password is correct, create the md5 value of the entered string and then compare it with the string stored in the database. So the actual password won't be visible. You can refer to the link http://www.zedwood.com/article/cpp-md5-function

Rohan
    MD5? It has its uses but not password encryption – Ed Heal Jul 19 '14 at 10:30
  • Yes, I know, I'm using that method. But somehow I should connect to the MySQL database with a different password. And that password is hardcoded into the executable. – Szőke Szabolcs Jul 19 '14 at 12:00
  • FYI the correct term is hashing rather than encryption. That's more appropriate for protecting user login passwords stored in a database. I'd recommend using a stronger hashing algorithm and reading this article for other security measures you should be taking: https://patrickmn.com/security/storing-passwords-securely/ – Michael Apr 24 '18 at 00:54

If your application is on Windows there is a Credential Manager you can use (and possibly something similar for Linux): https://stackoverflow.com/a/9228105/222748

Another approach is to use encrypted XML that involves the use of a self-signed certificate for asymmetric encryption. Here's how it works: https://www.ibm.com/support/knowledgecenter/en/SS7JFU_8.5.5/com.ibm.websphere.express.doc/ae/cwbs_encryptv6.html

For generating the MySql password for the database I'd look at using a Crypto library as this is less easy to predict than random functions based on time.

Michael
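The answer above recommends keeping the credential in an OS store and generating the MySQL password from a proper random source. As an added illustration (not code from any of the answers), the C++ below shows the portable half of that advice: the credential lives in a small `user=`/`password=` file outside the executable, the loader refuses the file if other local users can read it (a POSIX mode check; on Windows the equivalent is a restrictive ACL or the Credential Manager linked above), it refuses a `root` account so the application uses its own least-privilege MySQL user, and the password for that account is drawn from `std::random_device` instead of `rand()` seeded with the clock. The file format, the `MYAPP_DB_CREDENTIALS` variable name and the root refusal are assumptions made for this example. Caveat: the C++ standard does not guarantee `std::random_device` is cryptographic (some old MinGW builds returned a fixed sequence); on a platform where it is not, use the OS CSPRNG or a crypto library as the answer suggests.

```cpp
// Added example, not from the original answers: load the MySQL credential from
// a permission-restricted file instead of a string literal in the binary.
// File format, env var name and the "no root" policy are assumptions.
#include <cstdlib>
#include <fcntl.h>
#include <fstream>
#include <iostream>
#include <iterator>
#include <map>
#include <random>
#include <stdexcept>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

struct DbCredential {
    std::string user;
    std::string password;
};

static std::string trim(const std::string& s) {
    const char* ws = " \t\r";
    std::size_t b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(ws) - b + 1);
}

// Parse "key=value" lines. Blank lines and '#' comments are ignored; the value
// is everything after the first '=', so a password may itself contain '='.
std::map<std::string, std::string> parseKeyValue(const std::string& text) {
    std::map<std::string, std::string> out;
    std::size_t pos = 0;
    while (pos <= text.size()) {
        std::size_t nl = text.find('\n', pos);
        std::string line = text.substr(pos, nl == std::string::npos ? std::string::npos : nl - pos);
        pos = (nl == std::string::npos) ? text.size() + 1 : nl + 1;
        line = trim(line);
        if (line.empty() || line[0] == '#') continue;
        std::size_t eq = line.find('=');
        if (eq == std::string::npos) continue;
        out[trim(line.substr(0, eq))] = trim(line.substr(eq + 1));
    }
    return out;
}

// POSIX check: no group/other permission bits, i.e. mode 0600 or tighter.
bool isPrivateFile(const std::string& path) {
    struct stat st;
    if (stat(path.c_str(), &st) != 0) return false;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

// Create the file as 0600 so it is never wider than intended, then set the
// requested mode explicitly (the umask can only remove bits, not add them).
bool writeFileWithMode(const std::string& path, const std::string& content, mode_t mode) {
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return false;
    std::size_t done = 0;
    while (done < content.size()) {
        ssize_t n = write(fd, content.data() + done, content.size() - done);
        if (n < 0) { close(fd); return false; }
        done += static_cast<std::size_t>(n);
    }
    close(fd);
    return chmod(path.c_str(), mode) == 0;
}

// Refuse files other local users can read, and refuse the root account: the
// application should connect with its own least-privilege MySQL user.
DbCredential loadCredential(const std::string& path) {
    if (!isPrivateFile(path))
        throw std::runtime_error("credential file missing or readable by other users: " + path);
    std::ifstream in(path);
    std::string text((std::istreambuf_iterator<char>(in)), std::istreambuf_iterator<char>());
    std::map<std::string, std::string> kv = parseKeyValue(text);
    if (!kv.count("user") || !kv.count("password"))
        throw std::runtime_error("credential file needs 'user' and 'password' entries");
    if (kv["user"] == "root")
        throw std::runtime_error("refusing to connect as root; create a dedicated MySQL account");
    return DbCredential{kv["user"], kv["password"]};
}

// True when loadCredential rejects the file (exercises the refusal paths).
bool loadIsRejected(const std::string& path) {
    try { loadCredential(path); return false; } catch (const std::exception&) { return true; }
}

// Password for the dedicated account from std::random_device, not rand()/time().
// The standard does not guarantee this source is cryptographic on every platform.
std::string generatePassword(std::size_t length) {
    static const char alphabet[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.+!%";
    std::random_device rd;
    std::uniform_int_distribution<std::size_t> dist(0, sizeof(alphabet) - 2);
    std::string pw;
    for (std::size_t i = 0; i < length; ++i) pw += alphabet[dist(rd)];
    return pw;
}

int main() {
    const char* path = std::getenv("MYAPP_DB_CREDENTIALS");  // assumed variable name
    if (!path) { std::cerr << "set MYAPP_DB_CREDENTIALS to the credential file path\n"; return 1; }
    try {
        DbCredential c = loadCredential(path);
        std::cout << "would connect as " << c.user << " (password not shown)\n";
    } catch (const std::exception& e) { std::cerr << e.what() << '\n'; return 1; }
    std::cout << "suggested password for the app account: " << generatePassword(24) << '\n';
    return 0;
}
```

Run it with `MYAPP_DB_CREDENTIALS=/path/to/db.cred` after creating that file as mode 0600 with `user=` and `password=` lines. The point of the mode check is that a credential on disk is only as private as its permissions: a 0644 file is hardly better than the string literal, whereas a 0600 file owned by the application's user keeps the secret away from other accounts on the machine (though not from that user, which is the limit the first answer describes).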