Custom LoginEventHandler: getting password issues

Post here your questions about SFS2X. Here we discuss all server-side matters. For client API questions see the dedicated forums.

Moderators: Lapo, Bax

lospejos
Posts: 1
Joined: 03 Jul 2011, 10:49

Custom LoginEventHandler: getting password issues

Postby lospejos » 03 Jul 2011, 12:40

Hi!
I'm implementing the Custom LoginEventHandler, looking at your doc (Getting Started). Also I've read the "Development Basics" and Advanced Topics. I've found in "SmartFoxServer 2X HOWTOs", part "How to create an Extension-based custom login", in "3) Secure passwords":

The user password is never transmitted in clear from the client to the server, for security reasons. In order to be able to compare the encrypted password with your database original password we provide a convenient method in the API.


But what if I have no possibility to get clear password from my authentication system. For example, if you try to build custom login based on Linux authentication, you never will have a chance to get a clear password (IMHO).
All I have is a web service, which takes login and password params, and returns true (auth success) of false (auth fail). Inside this system, passwords are stored in a non-reverseable hash format.
Can you give a recommendation how to build the custom login event handler logic in this case? Can I somehow decrypt password in my custom login event handler?

Or am I misunderstood some concepts?

Thanks.

Return to “SFS2X Questions”

Who is online

Users browsing this forum: No registered users and 46 guests