My program is a TCP socket server, which should be managed over a network by a command-answer system. Command(request)-answer system is not a problem: a client send a packet, a server receive it and generates a response. Packets are just a sequences of bytes.
The issue is that I have to create a simple account system. My server should store and manage two account types: "administrator" and "simple user". Therefore I should have the things: a registration, authentication and a password storage systems. How this can be simply done on Qt5? For example, I simply can send user names and passwords (or password hashes) over a network, but how an administrator account can be initially created on the server in a normal way? I don't have strict security requirements, but I want to create a normal system that would make sense.
Simple account control system
78 Views Asked by Vladimir Bershov AtThere are 2 best solutions below
On
Use QSslSocket to get a secured communication layer (http://doc.qt.io/qt-5/qsslsocket.html), since you will exchange passwords on top of this administration link.
There is an example here of the client part of the code, with Qt5: http://doc.qt.io/qt-5/qtnetwork-securesocketclient-example.html
On the server side, accept the socket on a predefined unused port, dedicated to your service.
Now, you can simply decide of a login with a random secret password, that will correspond to the administrator account, and create a program to send this password on top of a secured channel based on QSslSocket. You server has to check the password before accepting remote management.
So, as you can see, the administrator must be created prior to using the service. You can use a private mail exchange, based on some cryptographic means (OpenPGP, S/MIME, etc.), to supply the administrator with its password.
Simpliest way: administrator credentials should be predefined via some config file on server side. As additional protection you may force user to change password on first log in. Another way: a lot of CMS provides a full access + installation steps to first loggined user.