Keeping a variable for the entire life of the application? Good/Bad?

  • (2 Pages)
  • +
  • 1
  • 2

23 Replies - 1566 Views - Last Post: 21 June 2016 - 01:45 PM Rate Topic: -----

#1 JapanDave   User is offline

  • D.I.C Regular

Reputation: 31
  • View blog
  • Posts: 390
  • Joined: 01-February 16

Keeping a variable for the entire life of the application? Good/Bad?

Posted 18 June 2016 - 12:41 AM

This is question if it is possible and if it is good practice to do.

This is my first time making an application that needs a password in C#.

What I was thinking was, in VBA you can set a global variable and for the life of the application can keep coming back to the variable when needed to test criteria that needs a password.

It would be a real pain to have to re-enter your password say on a combo box list of selections.

So , what is the standard way to deal with a situation like this?

Is This A Good Question/Topic? 0
  • +

Replies To: Keeping a variable for the entire life of the application? Good/Bad?

#2 andrewsw   User is offline

  • RequestedRangeNotSatisfiable
  • member icon

Reputation: 6561
  • View blog
  • Posts: 26,608
  • Joined: 12-December 12

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 18 June 2016 - 12:55 AM

What kind of application and where is the password stored?

Yes, global variables should be avoided where possible.

A typical approach is to share a message, a token, to indicate that the user has logged on, and to compare this token so that the password doesn't need to be requested on each page/interaction. The token itself would effectively have global scope, but this is acceptable for something that persists for the lifetime of the session.
Was This Post Helpful? 1
  • +
  • -

#3 JapanDave   User is offline

  • D.I.C Regular

Reputation: 31
  • View blog
  • Posts: 390
  • Joined: 01-February 16

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 18 June 2016 - 12:59 AM

It is an application that manages staff work hours and I need to have password clearance so the user can only see his/her sections data. Each section is stored in a collection in the application so accessing is easy enough.

I don't know what you mean by "a token", what is that and how do you use it?
Was This Post Helpful? 0
  • +
  • -

#4 andrewsw   User is offline

  • RequestedRangeNotSatisfiable
  • member icon

Reputation: 6561
  • View blog
  • Posts: 26,608
  • Joined: 12-December 12

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 18 June 2016 - 01:20 AM

I meant is it WinForms? WPF? ASP.NET..? What are you using as persistent storage for passwords?

The answer to these questions determines how a token might be used. (A token could be as simple as a boolean variable loggedIn, but that obviously isn't a secure approach of itself.)
Was This Post Helpful? 0
  • +
  • -

#5 JapanDave   User is offline

  • D.I.C Regular

Reputation: 31
  • View blog
  • Posts: 390
  • Joined: 01-February 16

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 18 June 2016 - 01:25 AM

As Skydiver suggested to me a while back, I am now learning WPF and this application is a WPF application. Sorry for the confusion.
Was This Post Helpful? 0
  • +
  • -

#6 andrewsw   User is offline

  • RequestedRangeNotSatisfiable
  • member icon

Reputation: 6561
  • View blog
  • Posts: 26,608
  • Joined: 12-December 12

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 18 June 2016 - 02:05 AM

.. and the data store?

Anyway, there is a full example here:

Custom authorization in WPF

(It also follows MVVM, which is nice.)

It still uses a boolean, IsAuthenticated, but this is wrapped inside classes (and interfaces).

Passwords need to be hashed and salted. Plain text passwords are never secure.
Was This Post Helpful? 0
  • +
  • -

#7 andrewsw   User is offline

  • RequestedRangeNotSatisfiable
  • member icon

Reputation: 6561
  • View blog
  • Posts: 26,608
  • Joined: 12-December 12

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 18 June 2016 - 02:10 AM

Quote

When a user clicks a login button in the view (the window), a command on the viewmodel executes to perform the actual authentication by validating the supplied credentials against our authentication service and, in case of a successful validation, setting the Identity property of the CustomPrincipal instance associated with the currently executing thread to an instance of our CustomIdentity class.

That's clever ;)

Looking again, it could actually provide a very good example to study MVVM from, although the authentication might blur the picture.
Was This Post Helpful? 0
  • +
  • -

#8 JapanDave   User is offline

  • D.I.C Regular

Reputation: 31
  • View blog
  • Posts: 390
  • Joined: 01-February 16

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 19 June 2016 - 12:54 AM

Is there something or way that is a little simpler than that? The application really is not danger of getting hacked as it is only on a local network. I just want a password system so as only the appropriate sections can view their specified data. Probably would not even be necessary to hash or salt the passwords in reality.
Was This Post Helpful? 0
  • +
  • -

#9 andrewsw   User is offline

  • RequestedRangeNotSatisfiable
  • member icon

Reputation: 6561
  • View blog
  • Posts: 26,608
  • Joined: 12-December 12

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 19 June 2016 - 01:10 AM

You can make it as simple and insecure as you want. You could just have a global boolean variable named logginIn and set it initially to false.

Your question title asks if it is "Good/Bad?". Such a primitive approach is obviously "Bad" and I would take this opportunity to learn something about security (and hashing and salting, etc.). At the very least, don't store the passwords as plain text. [I know that you were only asking if a global variable is Good/Bad.]

Salted Password Hashing - Doing it Right

Quote

..this guide is not meant to walk you through the process of writing your own storage system, it's to explain the reasons why passwords should be stored a certain way.

Was This Post Helpful? 1
  • +
  • -

#10 JapanDave   User is offline

  • D.I.C Regular

Reputation: 31
  • View blog
  • Posts: 390
  • Joined: 01-February 16

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 19 June 2016 - 04:35 AM

Andrew, you are right, I should take the time to do this properly and learn something instead of being lazy. Thanks for the link I will have look.
Was This Post Helpful? 0
  • +
  • -

#11 andrewsw   User is offline

  • RequestedRangeNotSatisfiable
  • member icon

Reputation: 6561
  • View blog
  • Posts: 26,608
  • Joined: 12-December 12

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 19 June 2016 - 05:56 AM

I should mention for completeness that C# does not have such a concept as global variables. You can define a variable or constant at the top of your program class, but it is still a member of that class.

The nearest equivalent is to create a static class, for example:
public class Globals
{
    private static bool _expired;
    public static bool Expired 
    {
        get
        {
            // Reads are usually simple
            return _expired;
        }
        set
        {
            // You can add logic here for race conditions,
            // or other measurements
            _expired = value;
        }
    }
    // Perhaps extend this to have Read-Modify-Write static methods
    // for data integrity during concurrency? Situational.
}

I am not encouraging this (although it is an acceptable technique for values or constants that are truly global, for the application) I am just providing information.



In the OOP world there are no globals. PI is in the Math namespace.

I suppose Planck's constant belongs in a Physics namespace, the universal gravitational constant in a/the Universe namespace (a singleton?). (What's outside the universe?)
Was This Post Helpful? 0
  • +
  • -

#12 snoopy11   User is offline

  • Engineering ● Software
  • member icon

Reputation: 1467
  • View blog
  • Posts: 4,726
  • Joined: 20-March 10

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 19 June 2016 - 08:19 AM

Yeah,

I prefer to keep reality in check,

What's Outside the Universe ?

We don't really know...

It leads to all sorts of nasty conundrums...

That I prefer not to contemplate.

The Universe is all that there is.

Webster defines it as

Quote

the universe : all of space and everything in it including stars, planets, galaxies, etc.


If the Universe is all of space and everything in it, then what else could there possibly be ?
Was This Post Helpful? 0
  • +
  • -

#13 andrewsw   User is offline

  • RequestedRangeNotSatisfiable
  • member icon

Reputation: 6561
  • View blog
  • Posts: 26,608
  • Joined: 12-December 12

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 19 June 2016 - 10:00 AM

What's outside the universe are odd socks, pens, money, my dignity ;)
Was This Post Helpful? 0
  • +
  • -

#14 JapanDave   User is offline

  • D.I.C Regular

Reputation: 31
  • View blog
  • Posts: 390
  • Joined: 01-February 16

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 19 June 2016 - 09:26 PM

Andrew, that interesting about global variables and that example explains a lot.

Can I ask why you made this a a private instead of public?

private static bool _expired;


Cheers
Was This Post Helpful? 0
  • +
  • -

#15 modi123_1   User is offline

  • Suitor #2
  • member icon



Reputation: 14155
  • View blog
  • Posts: 56,745
  • Joined: 12-June 08

Re: Keeping a variable for the entire life of the application? Good/Bad?

Posted 19 June 2016 - 09:35 PM

.. because the properites get/set should be the only controlled accessible route to the variable.
Was This Post Helpful? 1
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2