Password protecting a data file... how to cope with forgotten password?

Kay C Lan lan.kc.macmail at gmail.com
Wed Jun 13 03:34:45 EDT 2012


Tereza,

Curiosity got the better of me so I gave the Security command line + LC a
whirl and it was extremely easy.

After manually creating a dummy 'generic' account (not Internet, also
called application) in Keychain Access = dummyAcct, with Password =
password, I created a new main stack with one button and one field. In the
button:

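on mouseUp
   put empty into fld 1
   -- look up the generic keychain item whose account (-a) is dummyAcct;
   -- -g asks security to display the item's password
   put "security find-generic-password -a 'dummyAcct' -g" into tStore
   -- run the command line and capture what it prints
   put shell(tStore) into tStore2
   put line 1 of tStore2 into fld 1
end mouseUp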

I was expecting the OS to give me a prompt for the OS User Password; I got
an OS prompt, but it was just a caution that one app (Security) was trying
to access another app (Keychain) and did I wish to allow it. Clicking Allow
let the script proceed - no OS User Password needed.

As pointed out, this is dangerous and could mean a non-intended user
sitting at the computer could obtain the application password.

So, as a safer alternative, you could, when the user first opens your app
and has to set a password, use Security + LC to store a copy in Keychain.
Then if the user forgets their password you could open Keychain for them,
then provide a prompt advising them that it's stored in Keychain and they
can retrieve it there - if it were me the prompt would include very
specific instructions on how to find your application password in Keychain
and conclude with a statement 'Do not click the Proceed button until you
have successfully retrieved your Password'. Obviously the prompt would
include a Cancel and Proceed btn, clicking Proceed would bring up a new
prompt to enter their Password.

In Keychain the only way you can view passwords is by the User entering
their OS User Password thereby preventing any casual user from access.

Sorry Bill for not suggesting using InfoWallet ;-(

HTH
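
The first-run storage step and the recovery prompt described in the post, as an added LiveCode example that is not part of the original message. The handler names and the service name "MyLCApp" are hypothetical; "dummyAcct" is the account name from the post, and the script assumes the macOS security and open command-line tools.

```livecode
-- Added example; handler names and the service name "MyLCApp" are hypothetical.

-- Quote a value for /bin/sh: wrap it in single quotes and rewrite each
-- embedded single quote as '\'' so it cannot end the argument early.
function shQuote pValue
   replace "'" with "'\''" in pValue
   return "'" & pValue & "'"
end shQuote

-- Store the password as a generic keychain item (-U updates an existing one).
-- Returns empty on success, otherwise the text printed by security.
-- Caveat: -w puts the password on the command line, where other local
-- processes can see it in the process list while the command runs.
function storeAppPassword pAccount, pService, pPassword
   local tCmd, tOutput
   put "security add-generic-password -U" into tCmd
   put " -a" && shQuote(pAccount) after tCmd
   put " -s" && shQuote(pService) after tCmd
   put " -w" && shQuote(pPassword) after tCmd
   put shell(tCmd) into tOutput
   -- after shell(), the result holds the command's exit status
   if the result is not empty and the result is not 0 then return tOutput
   return empty
end storeAppPassword

-- Forgotten password: open Keychain Access so the user looks the item up
-- there instead of having the script read it back with -g.
command showKeychainForRecovery
   get shell("open -a 'Keychain Access'")
   answer "Your password is stored in Keychain Access under MyLCApp." & return & \
         "Do not click Proceed until you have retrieved it." with "Cancel" or "Proceed"
   return it -- "Cancel" or "Proceed"
end showKeychainForRecovery

on mouseUp
   local tError
   -- "clear" returns the typed text as entered while masking it on screen
   ask password clear "Choose a password for this application:"
   if it is empty then exit mouseUp
   put storeAppPassword("dummyAcct", "MyLCApp", it) into tError
   if tError is not empty then answer "Could not store the password:" && tError
end mouseUp
```

Quoting every argument matters here because a password containing a single quote or shell metacharacters would otherwise change the command that shell() runs.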


