Login

Student Login Sequence Diagram (Login), User Login System

I have a partially finished sequence diagram, but it needs more detail. Once the user has been retrieved from the database, how does the system decide whether to accept or reject a login? I mean, how do I implement it in my sequence diagram?


The type of login your diagram represents is form-based authentication. Breaking it down into steps (no diagram):

1. User enters credentials (username, password) over an https connection.

2. If both credentials have been entered, for example a valid email address for the username and a password (anything), then:

   a. On the server, hash the password from step (1) with whatever algorithm you're using (see here; don't use md5 any more, there are several reasons it's no longer a good candidate, such as hash collisions and speed issues). Also see here.

   b. On the server, get the row corresponding with the user you want to validate.

   If the row is present:

      Compare the hash you got in (2a) with what's in the database.

      If it matches, handle the successful login; most likely you'll want to put a Principal object in the session to identify the logged-in user. If you're keeping track of unsuccessful login attempts, zero this number (login was successful).

      If it doesn't match (incorrect password for the specified user), return a failure with a generic message (don't give a potential attacker more information than necessary). Here, if you're also keeping track of failed login attempts, increment the number and if it exceeds the maximum allowed consecutive failures, block the account. Optional: send an email to the registered user informing them of a failed login attempt.

   Else:

      The row is not present; no user exists with that user name. Return a failure with a generic message.

3. Else (from 2, negative: both credentials have not been entered):

   a. Return a generic validation error (enter both username and password). Don't send anything to the server.

Note: If you're doing it with Java, do not use a String to store the password object as it is immutable. Store it in a char[] array that you can clear as soon as the password is no longer needed.
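The steps in the answer above as a runnable example added here (it is not the answer author's code). It assumes an in-memory stand-in for the users table, PBKDF2-HMAC-SHA256 as the hash (the answer names no algorithm), a lockout threshold of five consecutive failures, and it goes one step beyond the answer by hashing against a dummy salt when the user does not exist, so the "no such user" path takes the same time as a wrong password.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000          # OWASP guidance for PBKDF2-HMAC-SHA256
MAX_FAILED_ATTEMPTS = 5              # assumed lockout threshold
GENERIC_FAILURE = "Invalid username or password"   # same text on every failure path

# Constructed in-memory stand-in for the users table: username -> row
USERS = {}
# Salt to hash against when the user does not exist, so that path costs the
# same as a wrong password and cannot be told apart by response time.
DUMMY_SALT = os.urandom(16)


def hash_password(password, salt):
    """Step 2a: derive a salted hash of the submitted password (never md5)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(username, password):
    """Store a per-user salt and hash; the counter and lock flag start cleared."""
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "hash": hash_password(password, salt),
                       "failed": 0, "locked": False}


def login(username, password):
    """Return (accepted, message), following the answer's steps."""
    if not username or not password:                       # step 3: validation error
        return False, "Please enter both username and password"
    row = USERS.get(username)                              # step 2b: fetch the row
    if row is None:
        hash_password(password, DUMMY_SALT)                # spend the same time, then
        return False, GENERIC_FAILURE                      # generic message, no enumeration
    candidate = hash_password(password, row["salt"])
    # Constant-time comparison of the candidate hash with the stored one.
    if hmac.compare_digest(candidate, row["hash"]) and not row["locked"]:
        row["failed"] = 0                                  # successful login: reset counter
        return True, "Login successful"
    row["failed"] += 1                                     # wrong password (or locked account)
    if row["failed"] >= MAX_FAILED_ATTEMPTS:
        row["locked"] = True                               # block after too many failures
    return False, GENERIC_FAILURE


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print(login("alice", "correct horse battery staple"))  # (True, 'Login successful')
    print(login("alice", "wrong"))                          # (False, 'Invalid username or password')
```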
