Non-mysql (or Similar) Login

[joekgamer]

Is it possible to create a login/register system that does not use an external database software such as MySQL?

[CraigD]

Is it possible to create a login/register system that does not use an external database software such as MySQL?

Sure. I've done it many times - in fact, via a quirk of my career, I've never created a user authentication system that used an external database such as MySQL or Oracle.

 

If your software can access some sort of persistent data (eg: a file system, accessible by open/read/write/close commands/API calls), it can simple keep user data in a file. If the software already has such a file (eg: "myapp.ini"), you can use that. If it doesn't, but can still write to a file system, it can write to a set-aside part of its own executable file (eg: "myapp.exe"). If having a distinct file for user data doesn't bother you, it's easiest to just do that.

 

There are also programming languages/runtime environment with internal databases. Nearly all of the day-to-day programming I do is in such a language, MUMPS - a free copy of a high performance implementation of it, with a pretty GDI and lots of non-language standard extensions, can be had at http://www.intersystems.com/cache/downloads/index.html. In MUMPS, any persistent data can be created and manipulated using the same syntax used with non-persistent (ie: in memory) data.

 

If you want your user data to be secure against common threats, you'll want to encrypt at least passwords, which is more complicated, though nearly all programming language implementations these days come with intrinsic functions or supplied libraries to do this easily (eg: via MD5 1-way hashing)

[alexander]

MD5 is kind of prone to collisions, personally much prefer SHA to MD5, but essentially, regardless of where you store the data, you can absolutely create login system that wouldn't use a database back end infact, and i would not recommend this, but you can create a persistent register/login without storing any data at all anywhere outside of ram, with a language like Erlang, for example.

 

Though from creating multiple login systems, including some that didn't use a database back end, and a lot that did, one of the biggest things you should think about when creating such systems is security, beyond data validation, beyond even just the back end security, i cant tell you how often i come across some "secure" login system that falls on its face when you try to play with what you send the back end, or a system that can easily be injected into or overtaken if you are on net with the person using it. Security should be your main goal and concern, and for you, because you are not using a database, you also need to think about file system security, file permissions, code execution that could lead to being able to dump that file, services that may allow you to do that as well, etc, etc...

 

Just my $.02