Login form where user info is in SQL

rkresnadi · May 19, 2017, 4:33am

Hi,
Do you know a way to create a login and sign up button where the user info (email / password) is stored in external SQL database?

rkresnadi · May 20, 2017, 1:43am

Anybody has any idea how to do this? Or do I need to run sql query in sql connector and use username and password as parameter, if query result is none then user can’t login?i

NigelG · May 20, 2017, 7:11am

Security issues aside, yes I think you would have to run a query to get the userid and password and then run the logon workflow using that data.

rkresnadi · May 20, 2017, 7:53pm

Thanks NigelG and do you know any instructions on how to run logon workflow using sql query? The training video shows how to build a log on page but didn’t show how to do it using sql query.

Regarding the security issue, would the sql statement in the sql connector may introduce some risk?

Thanks

mishav · May 22, 2017, 11:45am

The connection established between Bubble’s server and the SQL database is via HTTPS, so probably secure enough for what you want.

On the other hand, storing logins and passwords in a database without encryption is generally considered a high security risk. They’re accessible by anyone who has admin access to the database, plus potentially anyone with a valid login to the database, depending on table permissions.

NigelG · May 22, 2017, 2:19pm

Yes, as @mishav says it is storing it in clear that is a big risk.

What you could do is store the hashed and salted password and then use a Web service (which contains the hash key) to convert. I have looked at Dovecot for this, and will probably implement it in a few months time.

rkresnadi · June 13, 2017, 12:07am

This is beyond my knowledge This hashed password is a fake password then being converted through web service? where does this fake password stored? in bubble’s database?

@emmanuel, how would you recommend this if I want to store the login credential in external sql database?

Is there any documentation step by step on how to do this?

mishav · June 16, 2017, 4:41am

You can think of a hash as like taking a password and putting it in a blender, then storing a sample of the paste. You can’t get the original password back, but if you put an identical password through the same blender, you’ll get an identical bit of sample paste. A different password is highly unlikely to produce the same tasting paste - “there’s something a bit off about this flavour”.

Bubble already has a decent mechanism, so they’re unlikely to recommend you roll your own unless you know how to test it thoroughly : )