Page 1 of 2
Mask a Password and reuse the text afterwards
Posted: Mon Apr 26, 2021 2:56 pm
by fanny
Hello,
I created a Login and want to mask the password.
I already searched a lot but I did not find the right code. I need to reuse the masked password afterwards. Has somebody a idea how to do it?
I tried it with a special font which consist of blobs but I want to do it without a Password font
The ask Password method is no option unfortunately.
thanks
Re: Mask a Password and reuse the text afterwards
Posted: Mon Apr 26, 2021 3:56 pm
by richmond62
-
In the text entry field script:
Code: Select all
global WORDP
on keyDown KD
put "sausages" into PWORD
put "X" after fld "ff"
put KD after WORDP
if WORDP contains PWORD then
put "success" into fld "gg"
put empty into WORDP
else
put empty into fld "gg"
end if
end keyDown
The password is
sausages.
Re: Mask a Password and reuse the text afterwards
Posted: Mon Apr 26, 2021 7:28 pm
by richmond62
If you think for a moment you'll see that the password never goes near the text field, all that ends up in there is a line
of Xs so that the end-user knows that they have typed the correct number of characters. Therefore no-one can copy-paste
the password for dirty ends.
Re: Mask a Password and reuse the text afterwards
Posted: Mon Apr 26, 2021 8:36 pm
by dunbarx
Richard is on to something with never allowing the actual password into that field.
I just fooled around, since I don't like using globals. On a card with a custom property "PW" set to text of your choice, and a field with this in its script:
Code: Select all
on keyDown tkey
put "*" after me
set the currentText of me to the currentText of me & tKey
if the currentText of me = the pw of this cd then
answer "Success"
put "" into me
end if
end keyDown
on mouseEnter
put "" into me
set the currentText of me to ""
select text of me
end mouseEnter
on backSpaceKey
delete the last char of me
set the currenttext of me to char 1 to the number of chars of the currentText of me - 1 of the currenttext of me
end backSpaceKey
It supports the backSpaceKey. This can be tweaked in several places
Craig
Re: Mask a Password and reuse the text afterwards
Posted: Tue Apr 27, 2021 1:44 am
by stam
fanny wrote: ↑Mon Apr 26, 2021 2:56 pm
I created a Login and want to mask the password.
Hi Fanny, user input can be masked a couple of ways.
You can make it more complicated by holding the entered text in a custom property of the field, then converting all characters to the unicode symbols for a black circle for example. However this is complex, messy and makes it difficult to insert text in the middle.
A
much simpler approach is simply to
set the imageSource of each character of the password with an image (commonly a black circle) --EDIT: To clarify, the text property of the field will still be what the user typed, but on screen, each character is replaced with the selected graphic.
You can create this graphic easily in LC by creating a circular oval - to ensure some separation of the ovals in the field, make sure it has a thin border (1-2 px) the same colour of the background of the field (usually white). I found that it's usually best to set the height & width of this to about 75% of the textHeight property of the field.
Then you'll need to covert the graphic to an image by
File menu ->
import as control ->
snapshot of selected object.
Name the new image and you'll probably also want to make it invisible.
If you intend to allow showing/hiding of characters, you'll need to add a custom property to the field to act as a flag to show or obscure input - in the example below, i've called this
showPassword). Then all you have to do is add a handler to your field:
Code: Select all
command showHideText
if the showPassword of me is false then
repeat with x = 1 to the length of me
set the imageSource of character x of me to "imageFromGraphic"
end repeat
else
repeat with x = 1 to the length of me
set the imageSource of character x of me to empty
end repeat
end if
end showHideText
and call this from the TextChanged hander:
Code: Select all
on textchanged
showHideText
end textchanged
This has the benefit that you can call this showHideText handler from another object (eg a button to show/hide password) as well as copy/paste the obscured password (this is commonplace nowadays with all the password managers).
Of course, if you do not intend the user being able to see what they typed and always want the password to be obscured, you just need to change the
textChanged handler of the password field:
Code: Select all
on textchanged
repeat with x = 1 to the length of me
set the imageSource of character x of me to "imageFromGraphic"
end repeat
end textchanged
Here's an example (toggle visibility with the svg widget on the right by dispatching the showHideText handler to the field):
Re: Mask a Password and reuse the text afterwards
Posted: Tue Apr 27, 2021 7:41 am
by richmond62
Richard is on to something with never allowing the actual password into that field.
Who is 'Richard', Crag?
Re: Mask a Password and reuse the text afterwards
Posted: Tue Apr 27, 2021 7:49 am
by stam
richmond62 wrote: ↑Tue Apr 27, 2021 7:41 am
Richard is on to something with never allowing the actual password into that field.
Who is 'Richard', Crag?
I wonder if he's referring to Richard Gaskin and a previous conversation discussing security; the upshot was that you shouldn't store the actual password in the app or a database, as that can be stolen; instead you would store a
hash of it which couldn't be used to guess the password and you would then hash the user entry in the same way and make a comparison. That way no one can steal a stored password.
However that doesn't apply to this case, as the user needs to actually enter a password somewhere... instead we need to obscure the user entry.
Re: Mask a Password and reuse the text afterwards
Posted: Tue Apr 27, 2021 7:58 am
by richmond62
you shouldn't store the actual password in the app
Useful information.
But the OP (who might be a phantom) has this "reuse the text afterwards" which I don't understand:
For a password to be a password it has to have something somewhere (whether hashed or hidden inside an app) to be compared
with, so, as the password is already known the "reuse the text afterwards" makes little or no sense.
Re: Mask a Password and reuse the text afterwards
Posted: Tue Apr 27, 2021 9:00 am
by stam
richmond62 wrote: ↑Tue Apr 27, 2021 7:58 am
But the OP (who might be a phantom) has this "reuse the text afterwards" which I don't understand:
Hi Richmond,
I understood the OP to ask:
1. how to mask the user entry
2. how to use the entered text - hence 'reuse the text afterwards'. As in, not just replacing the char with a obfuscating char, the OP wanted to use the text entered as well.
Maybe i misunderstood, happy to be corrected by the OP if (s)he reappears
Re: Mask a Password and reuse the text afterwards
Posted: Tue Apr 27, 2021 10:14 am
by richmond62
As in, not just replacing the char with a obfuscating char, the OP wanted to use the text entered as well.
Well, as the entered text SHOULD echo the embedded password I don't see that that is necessary.
AND, if the end-user enters the text, in my example at least, as it is stored in a string it would be quite possible
to put something like:
Code: Select all
put "You typed" && WORDP && "you silly plonker!"
if their string did NOT match the password, into a text field.
Re: Mask a Password and reuse the text afterwards
Posted: Tue Apr 27, 2021 1:29 pm
by golife
Here is a link for another basic DEMO STACK masking the password and defining a basic login.
It uses a "login" group that can be placed into almost any stack.
The entered password can be made visible if requested.
The password is encrypted and then Base64-converted.
All details are explained in the group script that can be edited using the "Open script..." button.
https://drive.google.com/file/d/1HHSfNp ... sp=sharing
Have fun...
Roland (golife)
Code: Select all
[attachment=0]login stack.PNG[/attachment]
Re: Mask a Password and reuse the text afterwards
Posted: Tue Apr 27, 2021 1:41 pm
by dunbarx
Richmond.
"Richard" is you, and this is the second time I have misWritten your name. Careless, you know.
Craig
Re: Mask a Password and reuse the text afterwards
Posted: Tue Apr 27, 2021 1:57 pm
by richmond62
Serve my great-grandparents right for naming my Grandfather with his Mum's maiden name . . .
And before you say words such as 'Dixie' and 'Antebellum' that was in Scotland in 1896.
Re: Mask a Password and reuse the text afterwards
Posted: Tue Apr 27, 2021 5:56 pm
by jacque
I use the imageSource method which has the advantage of supporting all text editing features without displaying the actual text to the user. There is no need to manage backspace or any other control keys.
I also need to "use it later" because once the login credentials are entered I need to send it off to a server for validation before allowing the user to continue. This is easy because the data is regular field text. There are no copy functions in the app so the temporary text is secure. Once validated the entry is encrypted and stored on disk so that the user doesn't have to log in every time, and the text in the field is deleted.
Re: Mask a Password and reuse the text afterwards
Posted: Tue Apr 27, 2021 6:11 pm
by dunbarx
Jacque.
We have spoken about the image source as a clean and easy method in the past.
Do you think there is no danger that the imageSource can be hacked? I have no idea; I never need to worry about Security , but I know you always do.
That is why Richmond, and then I, went the "No password left behind" way.
Craig