Password Field

Rob Cozens rcozens at pon.net
Wed Jan 21 08:26:06 EST 2004 

>Well, I ended up taking a different tack on the password field 
>thing.  Although the solutions given will work in most cases I 
>decided to go the route of setting the foreground, background and 
>hilite color of my password field to white then disallowing the 
>"copy" function (Cmd-C, Ctrl-C) so that no one can select the 
>entered text, copy it to the clipboard then paste it into something 
>else in order to obtain the password.  In the end this ended up 
>being easier than trying to (1) figure out all the possible ways 
>someone can "get" the password and (2) ensure that whatever someone 
>does with the mouse or keyboard, the entered password is correct 
>(i.e. what if they use the mouse to select some of the "dots" in the 
>field and remove them ... it was just getting too complicated).

Hi Brian,

I got into this thread a little late, so forgive me if this has been addressed.

The general approach to passwords is via an ask password dialog box 
instead of a field.  The ask password command takes care of all the 
details you are struggling with when trying to replicate a password 
dialog in a field.

As part of this approach, the password is never unencrypted:  Sys 
Admin creates a password via the ask password dialog, hides the 
result in the application, and tells the user what keys to press when 
responding to ask password.  Password verification involves comparing 
the user's response to ask password with the encrypted response 
stored in the application.

Note that the user input is never derived by unencrypting the ask 
password response.

So I ask:

1.  Is it necessary that the password be entered in a field instead 
of via the ask password dialog?

2.  Is there a reason why you need to know what keys the user pressed 
(eg: the user is entering "secure" data instead of a predefined 
password)?

If you answer both questions in the negative, I suggest you look at 
ask password syntax.
-- 

Rob Cozens
CCW, Serendipity Software Company
http://www.oenolog.net/who.htm

"And I, which was two fooles, do so grow three;
Who are a little wise, the best fooles bee."

from "The Triple Foole" by John Donne (1572-1631)

More information about the use-livecode mailing list