[iOS] Ask password not encrypted?
J. Landman Gay
jacque at hyperactivesw.com
Tue Feb 28 14:53:02 EST 2012
On 2/28/12 10:56 AM, Joe Lewis Wilkins wrote:
> Why are strings encrypted?
Not all strings are, but passwords should be so that they are not
readable by anyone. You really don't want your bank storing your
password as plain text, where a hacker could get it and wipe out your
bank account.
Some stacks use passwords to verify that the user has the right to run
the stack. The password must be stored somewhere so your scripts can
compare it to whatever the user enters. If you don't use an encrypted
password, the plain text password must be stored and if the stack itself
is not password protected then anyone with a text editor can see the
password and get in.
If my password is "parrot", then I can either store that word and risk
its discovery, or I can use "ask password" to encrypt it so that it's
obscured. After encryption "parrot" becomes: =h`//q . That's the string
you store in the stack for later comparisons. If a user enters the
encrypted text in the password dialog it won't work, only "parrot" will.
It isn't really complicated to use; just store whatever "ask password"
returns. After that, comparing the user entry to your stored password is
identical to using a non-encrypted one.
--
Jacqueline Landman Gay | jacque at hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
More information about the use-livecode
mailing list