I'm working on a server-client program where the server is written in C++ and the client in PHP.
Some details:
The server
- Has a list of known clients by hostname
- Has an MD5 function implemented
- Each known client has a unique string and the output of the MD5 function as attributes
The client(s)
- They have the same MD5 function implemented
The communication
- The server implements C-style sockets
- The authentication is done by sending the client its attached string and receiving the output of the MD5 function. This output is compared with its own output and if they match, the client is authenticated.
- The authentication is done N minutes after the client's last connection (so if the client is making requests very often, it remains authenticated).
I'm pretty sure this type of authentication is not very secure and is not even standard, so my question is:
What is a good way, if there is one, to do this? It'd be better if you can recommend some libraries and maybe a pseudo-code example.
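
The exchange described above next to a nonce-based variant, added here as an example and not part of the original post. It assumes the reply in the post is a plain MD5 of the string with no secret mixed in; `Server`, `client_response`, the sample string and the shared secret are hypothetical names and constructed values, and Python is used only so both sides run in one file.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; neither comes from the original post.
CLIENT_STRING = b"client-42-unique-string"  # fixed string the server sends
SHARED_SECRET = b"constructed-demo-secret"  # provisioned out of band, never sent

def static_md5_response(challenge: bytes) -> str:
    """Scheme as described in the post, assuming no secret is mixed in."""
    return hashlib.md5(challenge).hexdigest()

def client_response(secret: bytes, nonce: bytes) -> bytes:
    """Hypothetical client side: prove knowledge of the secret for this nonce."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()

class Server:
    """Hypothetical server: one-time random challenges, HMAC-SHA256 replies."""
    def __init__(self, secret: bytes):
        self._secret, self._pending = secret, set()  # pending = unanswered nonces

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(32)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:  # never issued, or already used
            return False
        self._pending.discard(nonce)  # single use, even if the check fails
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo() -> dict:
    # Static scheme: the reply never changes and needs no secret to compute.
    captured_md5 = static_md5_response(CLIENT_STRING)
    static_replayable = static_md5_response(CLIENT_STRING) == captured_md5
    server = Server(SHARED_SECRET)
    nonce = server.new_challenge()
    captured = client_response(SHARED_SECRET, nonce)
    return {
        "static_replayable": static_replayable,
        "accepted": server.verify(nonce, captured),
        "replay_same_nonce": server.verify(nonce, captured),
        "replay_fresh_nonce": server.verify(server.new_challenge(), captured),
    }

if __name__ == "__main__":
    print(demo())
```

PHP offers the same primitives as `random_bytes`, `hash_hmac` and `hash_equals`. The exchange authenticates the client only and does not encrypt the session, which a TLS library would cover.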