Password protecting a data file... how to cope with forgotten password?

Bob Sneidar bobs at twft.com
Tue Jun 12 12:25:27 EDT 2012


For an application I think the only way to maintain security in this situation is to tell people to NOT FORGET THEIR PASSWORD or else they will lose access to their data. They will need at that point to create a new account and password. But a password may not be necessary. 

Is this a single user kind of application? If so, then their security is being provided by the OS when they log into their computer as themselves. The app (IMHO) should not need to provide security, because access to their computer and their account is their responsibility. 

If this is a multi-user app where different people can log in as themselves and access their own data, then what I would do for an app like yours is have an Administrator account, and upon first login, force the user to create an admin password with stern warnings about not forgetting it. I then restrict admins to account creation and deletion only. Admins are not allowed to view sensitive data. Deletion of an account deletes the data as well. 

I would really like to see a Livecode command that called the OS authentication dialog, and returned true if successful, false if not. 

Bob

On Jun 12, 2012, at 8:41 AM, Tereza Snyder wrote:

> The application I’m working on needs to store possibly confidential client info on the user’s hard drive. It's asking for an optional password. (The password is optional because it’s up to the user whether they want the extra protection). If they DO input a password, and subsequently forget it, how can I provide a non-internet-based mechanism for retrieving or resetting the password?
> 
> I thought I’d ask them to re-authenticate as the current user at the OS level, the way many programs do. How might that be done in LC?
> 
> Perhaps there’s another way?
> 
> t
> 
> 
> 
> -- 
> Tereza Snyder
> Califex Software, Inc.
> <www.califexsoftware.com>
> 
> 
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode





More information about the Use-livecode mailing list