Password protected stack

Anything beyond the basics in using the LiveCode language. Share your handlers, functions and magic here.

Moderators: heatherlaine, Klaus, FourthWorld, robinmiller, kevinmiller

Post Reply
snm
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 253
Joined: Fri Dec 09, 2011 11:17 am
Location: Warszawa / Poland

Password protected stack

Post by snm » Sun Feb 08, 2015 12:47 am

Dictionary definition of "password" property tells that scripts and custom properties in a password-protected stack are all encrypted.
It's true for scripts - until you don't type the password, you can't see scripts.
But after run in msg box the command:

Code: Select all

set the password of stack "myStack" to "password"
the stack custom properties are still possible to view their names and values in property inspector.

Is it a bug, or I missed something? How can I protect them?

Marek

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 6044
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: Password protected stack

Post by FourthWorld » Sun Feb 08, 2015 2:05 am

The Dictionary entry for the password property includes:
If the password property of a stack is not empty, all the text in the stack is encrypted (so that it cannot be read in another program, such as a text editor). Scripts, custom properties, text in fields or buttons, and object names in a password-protected stack are all encrypted. However, you can still open the stack, see the contents, and get object properties.
To encrypt custom property values you can use the built-in encrypt and decrypt functions.
Richard Gaskin
Community volunteer LiveCode Community Liaison

LiveCode development, training, and consulting services: Fourth World Systems: http://FourthWorld.com
LiveCode User Group on Facebook : http://FaceBook.com/groups/LiveCodeUsers/

snm
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 253
Joined: Fri Dec 09, 2011 11:17 am
Location: Warszawa / Poland

Re: Password protected stack

Post by snm » Sun Feb 08, 2015 2:17 am

Thanks a lot Richard. It was not clear for me that custom property is encrypted, but you can see it. It should be encrypted also (custom only). But good to know and be sure.

Marek

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 6044
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: Password protected stack

Post by FourthWorld » Sun Feb 08, 2015 7:41 pm

When the password of a stack is set, custom properties are encrypted on disk along with the scripts, which prevents other programs from reading their values from disk. At runtime only scripts remain inaccessible because every object has only one script but can have any number of custom properties, even millions, so decrypting them all would be problematic. So the solution is to allow the developer to decide which properties also need to be encrypted at runtime, and to use the build-in encrypt and decrypt functions as needed.
Richard Gaskin
Community volunteer LiveCode Community Liaison

LiveCode development, training, and consulting services: Fourth World Systems: http://FourthWorld.com
LiveCode User Group on Facebook : http://FaceBook.com/groups/LiveCodeUsers/

chipsm
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 199
Joined: Wed May 11, 2011 7:50 pm
Location: Southern California

Re: Password protected stack

Post by chipsm » Sun Jul 05, 2015 6:19 pm

Richard,
Password encryption for Livecode edits can only be done on the Stack Script level? Or should I say that encryption defaults to the stack level.
I was wondering if encryption could be just done on object's script only, although I haven't truly thought of why at this time. Just my mind exploring, I guess.
Clarence Martin

markhinnebusch
Posts: 21
Joined: Thu May 17, 2018 7:32 pm
Location: Florida, USA

Re: Password protected stack

Post by markhinnebusch » Thu May 17, 2018 11:17 pm

I know I must be doing something wrong. In the message window, if I type

set the password of this stack to "foo"; answer the password of this stack;

i see a response of true, not of foo. What am I missing? this seems like it should be so simple.

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 6044
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: Password protected stack

Post by FourthWorld » Fri May 18, 2018 12:15 am

I don't believe the password itself is retrievable, for security reasons.
Richard Gaskin
Community volunteer LiveCode Community Liaison

LiveCode development, training, and consulting services: Fourth World Systems: http://FourthWorld.com
LiveCode User Group on Facebook : http://FaceBook.com/groups/LiveCodeUsers/

bogs
Posts: 1914
Joined: Sat Feb 25, 2017 10:45 pm

Re: Password protected stack

Post by bogs » Fri May 18, 2018 3:03 pm

Richard is correct (as far as I have been able to ascertain), If passwords are coded in, that is the only way to retrieve them, you get an answer of 'true' because there is a password. If you don't put a password and type the same message, you will see 'false'.
Image

Klaus
Posts: 10169
Joined: Sat Apr 08, 2006 8:41 am
Location: Germany
Contact:

Re: Password protected stack

Post by Klaus » Fri May 18, 2018 3:08 pm

Hi Mark,

welcome to the forum!
markhinnebusch wrote:
Thu May 17, 2018 11:17 pm
...
answer the password of this stack
...
Be honest, would you use any programming environment where this is really working? :shock:
I wouldn't! :D

Best

Klaus

Post Reply

Return to “Talking LiveCode”