I need to implement authentication in my client application against my server application. I don't want users to enter any kind of credentials, and I don't want to hard-code any password.
The purpose is to prevent other people/applications from stealing data from the server.
What is the best way to achieve this?
I suppose that you don't want to use any hardware devices, such as smart-card readers, fingerprint readers or token generators.
If you use server-side generated unique identifiers, such as GUIDs, you need a way to distribute them to clients so that you can be sure the client is OK. In that case you will keep track of the issued GUIDs and use them to authenticate a client. Or you can accept client-side generated identifiers, computed with a known algorithm from the facts that are provided during the registration process (name, address, email address, etc.).
In both cases, you have to keep the key/facts on the client machine, which is another problem.
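The two registration schemes described in the answer above, as an added example that is not part of the original post: a server that issues and tracks random GUIDs, and a server that accepts a client-derived identifier which it recomputes from the registration facts. The `Server`/`Client` names, the in-memory `local_store` dictionary (standing in for a file or registry entry on the client machine) and the "known algorithm" (sorted `key=value` lines hashed with SHA-256) are assumptions made for the illustration. The `demo()` function also shows the caveat from the last sentence: whatever the client stores can be copied and will authenticate whoever copies it.

```python
import hashlib
import uuid


class Server:
    """Server side: issues GUIDs and validates client-derived identifiers."""

    def __init__(self):
        self.issued_guids = {}      # GUID -> registration facts (scheme 1)
        self.registered_ids = {}    # derived identifier -> facts (scheme 2)

    # Scheme 1: server-generated GUID, tracked in self.issued_guids
    def register_with_guid(self, facts):
        guid = str(uuid.uuid4())            # random, so not guessable
        self.issued_guids[guid] = dict(facts)
        return guid

    def authenticate_guid(self, guid):
        return guid in self.issued_guids

    # Scheme 2: identifier derived from registration facts with a known algorithm.
    # Assumed algorithm: sorted "key=value" lines, SHA-256 over the UTF-8 bytes.
    @staticmethod
    def derive_identifier(facts):
        canonical = "\n".join(f"{k}={facts[k]}" for k in sorted(facts))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

    def register_with_facts(self, facts, client_identifier):
        # The server recomputes the identifier and refuses a mismatch.
        if client_identifier != self.derive_identifier(facts):
            return False
        self.registered_ids[client_identifier] = dict(facts)
        return True

    def authenticate_identifier(self, identifier):
        return identifier in self.registered_ids


class Client:
    """Client side: registers once, then presents the stored value on each request."""

    def __init__(self, facts):
        self.facts = dict(facts)
        self.local_store = {}   # stands in for on-disk storage on the client machine

    def register_guid(self, server):
        self.local_store["guid"] = server.register_with_guid(self.facts)

    def request_with_guid(self, server):
        return server.authenticate_guid(self.local_store.get("guid", ""))

    def register_derived(self, server):
        ident = Server.derive_identifier(self.facts)
        ok = server.register_with_facts(self.facts, ident)
        if ok:
            self.local_store["identifier"] = ident
        return ok

    def request_with_identifier(self, server):
        return server.authenticate_identifier(self.local_store.get("identifier", ""))


def demo():
    """Run both schemes with constructed sample facts and return the outcomes."""
    server = Server()
    facts = {                      # constructed sample registration data
        "name": "Alice Example",
        "email": "alice@example.invalid",
        "address": "1 Sample St",
    }
    client = Client(facts)
    client.register_guid(server)
    client.register_derived(server)

    # The caveat from the answer: a copy of the client's local store is as good
    # as the original, because nothing else distinguishes the real client.
    thief = Client({})
    thief.local_store = dict(client.local_store)

    return {
        "guid_ok": client.request_with_guid(server),
        "derived_ok": client.request_with_identifier(server),
        "unknown_guid": server.authenticate_guid(str(uuid.uuid4())),
        "stolen_guid_ok": thief.request_with_guid(server),
        "stolen_identifier_ok": thief.request_with_identifier(server),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Note that in scheme 2 the algorithm is public by design, so anyone who learns the registration facts can regenerate the identifier; in scheme 1 the GUID itself is the secret. Either way the value that proves the client's identity ends up on the client machine, which is exactly the remaining problem the answer points out.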