
I'm doing an app that should be multi-user. Currently I have a file that stores username + MD5 password hash (with username as salt).

Now the app should be enhanced so that different users can have different privileges. How would you store them the smart way so that nobody can change them but that it's still good to handle for me?

I'm using C#.

A: 

You seem to be a beginner. For you I may recommend looking at the ASP.NET Membership provider.

But as a side note, please never use MD5. It's not required, and is broken, so it's best to avoid having to justify a reason for using it when there are other perfectly acceptable non-broken hashes.

Noon Silk
No MD5 + salt? But it can't be refactored, right? I do an MD5 from the password and the username, which can't be refactored, and when the user wants to log in I do the same and compare it with the stored string.
+1  A: 

I think it's better to use a database engine to manage this operation (the easiest way); however, if you don't prefer to use a database, you can use the same file and add keys to make the privileges like the following:

wael rwx

ahmad rw

K x

From those lines you can see that wael has read, write, execute permissions. Now in your application you will read the permission and allow/disallow the use.

Wael Dalloul
But if writing those user privileges in Unix style in cleartext into the file, I need the file to be protected from editing, right? How can I do that?
If you want to protect the file, encrypt it so nobody will understand the meaning of the text.
Wael Dalloul
Encrypt it symmetrically?
Any way you want; you can use RSA or AES cryptography, they are very strong, especially AES.
Wael Dalloul
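
An added example, not part of the original answers: C# code that keeps the `name permissions` file from the second answer tamper-evident by appending an HMAC-SHA256 tag computed over all lines, so edits are detected without encrypting the file. The class and method names, the `mac` line format and the key handling are assumptions, and it assumes .NET Core 2.1 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class PrivilegeFile   // hypothetical name, not from the page
{
    // The tag covers every line, so editing, adding or deleting an entry changes it.
    static byte[] Tag(byte[] key, string body)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(body));
    }

    // Produces the file text: "user perms" lines followed by one "mac <base64>" line.
    public static string Seal(byte[] key, IDictionary<string, string> perms)
    {
        var sb = new StringBuilder();
        foreach (var p in perms) sb.Append(p.Key).Append(' ').Append(p.Value).Append('\n');
        string body = sb.ToString();
        return body + "mac " + Convert.ToBase64String(Tag(key, body)) + "\n";
    }

    // Returns the privileges, or throws if the text was changed without the key.
    public static Dictionary<string, string> Load(byte[] key, string text)
    {
        int i = text.LastIndexOf("mac ", StringComparison.Ordinal);
        if (i < 0 || (i > 0 && text[i - 1] != '\n'))
            throw new CryptographicException("missing mac line");
        string body = text.Substring(0, i);
        byte[] stored = Encoding.UTF8.GetBytes(text.Substring(i + 4).Trim());
        byte[] expected = Encoding.UTF8.GetBytes(Convert.ToBase64String(Tag(key, body)));
        if (!CryptographicOperations.FixedTimeEquals(stored, expected))
            throw new CryptographicException("privilege file was modified");
        var result = new Dictionary<string, string>();
        foreach (string line in body.Split(new[] { '\n' }, StringSplitOptions.RemoveEmptyEntries))
        {
            string[] f = line.Split(' ');
            result[f[0]] = f.Length > 1 ? f[1] : "";
        }
        return result;
    }

    static void Main()
    {
        var key = new byte[32]; RandomNumberGenerator.Fill(key); // constructed demo key
        string text = Seal(key, new Dictionary<string, string> { { "wael", "rwx" }, { "ahmad", "rw" }, { "K", "x" } });
        Console.WriteLine(Load(key, text)["ahmad"]);              // unmodified file loads
        try { Load(key, text.Replace("K x", "K rwx")); }          // simulated manual edit
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

The check only holds if the key is stored where the users who can edit the file cannot read it, since anyone holding the key can recompute the tag.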