Mask a Password and reuse the text afterwards
Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller
Mask a Password and reuse the text afterwards
Hello,
I created a Login and want to mask the password.
I already searched a lot but I did not find the right code. I need to reuse the masked password afterwards. Has somebody a idea how to do it?
I tried it with a special font which consist of blobs but I want to do it without a Password font
The ask Password method is no option unfortunately.
thanks
I created a Login and want to mask the password.
I already searched a lot but I did not find the right code. I need to reuse the masked password afterwards. Has somebody a idea how to do it?
I tried it with a special font which consist of blobs but I want to do it without a Password font
The ask Password method is no option unfortunately.
thanks
-
- Livecode Opensource Backer
- Posts: 9287
- Joined: Fri Feb 19, 2010 10:17 am
- Location: Bulgaria
Re: Mask a Password and reuse the text afterwards
In the text entry field script:
Code: Select all
global WORDP
on keyDown KD
put "sausages" into PWORD
put "X" after fld "ff"
put KD after WORDP
if WORDP contains PWORD then
put "success" into fld "gg"
put empty into WORDP
else
put empty into fld "gg"
end if
end keyDown
- Attachments
-
- Passworder.livecode.zip
- Here's the stack.
- (1.03 KiB) Downloaded 140 times
-
- Livecode Opensource Backer
- Posts: 9287
- Joined: Fri Feb 19, 2010 10:17 am
- Location: Bulgaria
Re: Mask a Password and reuse the text afterwards
If you think for a moment you'll see that the password never goes near the text field, all that ends up in there is a line
of Xs so that the end-user knows that they have typed the correct number of characters. Therefore no-one can copy-paste
the password for dirty ends.
of Xs so that the end-user knows that they have typed the correct number of characters. Therefore no-one can copy-paste
the password for dirty ends.
-
- VIP Livecode Opensource Backer
- Posts: 9580
- Joined: Wed May 06, 2009 2:28 pm
- Location: New York, NY
Re: Mask a Password and reuse the text afterwards
Richard is on to something with never allowing the actual password into that field.
I just fooled around, since I don't like using globals. On a card with a custom property "PW" set to text of your choice, and a field with this in its script:
It supports the backSpaceKey. This can be tweaked in several places
Craig
I just fooled around, since I don't like using globals. On a card with a custom property "PW" set to text of your choice, and a field with this in its script:
Code: Select all
on keyDown tkey
put "*" after me
set the currentText of me to the currentText of me & tKey
if the currentText of me = the pw of this cd then
answer "Success"
put "" into me
end if
end keyDown
on mouseEnter
put "" into me
set the currentText of me to ""
select text of me
end mouseEnter
on backSpaceKey
delete the last char of me
set the currenttext of me to char 1 to the number of chars of the currentText of me - 1 of the currenttext of me
end backSpaceKey
Craig
Re: Mask a Password and reuse the text afterwards
Hi Fanny, user input can be masked a couple of ways.
You can make it more complicated by holding the entered text in a custom property of the field, then converting all characters to the unicode symbols for a black circle for example. However this is complex, messy and makes it difficult to insert text in the middle.
A much simpler approach is simply to set the imageSource of each character of the password with an image (commonly a black circle) --EDIT: To clarify, the text property of the field will still be what the user typed, but on screen, each character is replaced with the selected graphic.
You can create this graphic easily in LC by creating a circular oval - to ensure some separation of the ovals in the field, make sure it has a thin border (1-2 px) the same colour of the background of the field (usually white). I found that it's usually best to set the height & width of this to about 75% of the textHeight property of the field.
Then you'll need to covert the graphic to an image by File menu -> import as control -> snapshot of selected object.
Name the new image and you'll probably also want to make it invisible.
If you intend to allow showing/hiding of characters, you'll need to add a custom property to the field to act as a flag to show or obscure input - in the example below, i've called this showPassword). Then all you have to do is add a handler to your field:
Code: Select all
command showHideText
if the showPassword of me is false then
repeat with x = 1 to the length of me
set the imageSource of character x of me to "imageFromGraphic"
end repeat
else
repeat with x = 1 to the length of me
set the imageSource of character x of me to empty
end repeat
end if
end showHideText
Code: Select all
on textchanged
showHideText
end textchanged
Of course, if you do not intend the user being able to see what they typed and always want the password to be obscured, you just need to change the textChanged handler of the password field:
Code: Select all
on textchanged
repeat with x = 1 to the length of me
set the imageSource of character x of me to "imageFromGraphic"
end repeat
end textchanged
- Attachments
-
- passwordText.livecode.zip
- (2.52 KiB) Downloaded 145 times
Last edited by stam on Tue Apr 27, 2021 9:17 am, edited 1 time in total.
-
- Livecode Opensource Backer
- Posts: 9287
- Joined: Fri Feb 19, 2010 10:17 am
- Location: Bulgaria
Re: Mask a Password and reuse the text afterwards
Who is 'Richard', Crag?Richard is on to something with never allowing the actual password into that field.
Re: Mask a Password and reuse the text afterwards
I wonder if he's referring to Richard Gaskin and a previous conversation discussing security; the upshot was that you shouldn't store the actual password in the app or a database, as that can be stolen; instead you would store a hash of it which couldn't be used to guess the password and you would then hash the user entry in the same way and make a comparison. That way no one can steal a stored password.richmond62 wrote: ↑Tue Apr 27, 2021 7:41 amWho is 'Richard', Crag?Richard is on to something with never allowing the actual password into that field.
However that doesn't apply to this case, as the user needs to actually enter a password somewhere... instead we need to obscure the user entry.
-
- Livecode Opensource Backer
- Posts: 9287
- Joined: Fri Feb 19, 2010 10:17 am
- Location: Bulgaria
Re: Mask a Password and reuse the text afterwards
Useful information.you shouldn't store the actual password in the app
But the OP (who might be a phantom) has this "reuse the text afterwards" which I don't understand:
For a password to be a password it has to have something somewhere (whether hashed or hidden inside an app) to be compared
with, so, as the password is already known the "reuse the text afterwards" makes little or no sense.
Re: Mask a Password and reuse the text afterwards
Hi Richmond,richmond62 wrote: ↑Tue Apr 27, 2021 7:58 amBut the OP (who might be a phantom) has this "reuse the text afterwards" which I don't understand:
I understood the OP to ask:
1. how to mask the user entry
2. how to use the entered text - hence 'reuse the text afterwards'. As in, not just replacing the char with a obfuscating char, the OP wanted to use the text entered as well.
Maybe i misunderstood, happy to be corrected by the OP if (s)he reappears
-
- Livecode Opensource Backer
- Posts: 9287
- Joined: Fri Feb 19, 2010 10:17 am
- Location: Bulgaria
Re: Mask a Password and reuse the text afterwards
Well, as the entered text SHOULD echo the embedded password I don't see that that is necessary.As in, not just replacing the char with a obfuscating char, the OP wanted to use the text entered as well.
AND, if the end-user enters the text, in my example at least, as it is stored in a string it would be quite possible
to put something like:
Code: Select all
put "You typed" && WORDP && "you silly plonker!"
Re: Mask a Password and reuse the text afterwards
Here is a link for another basic DEMO STACK masking the password and defining a basic login.
It uses a "login" group that can be placed into almost any stack.
The entered password can be made visible if requested.
The password is encrypted and then Base64-converted.
All details are explained in the group script that can be edited using the "Open script..." button.
https://drive.google.com/file/d/1HHSfNp ... sp=sharing
Have fun...
Roland (golife)
It uses a "login" group that can be placed into almost any stack.
The entered password can be made visible if requested.
The password is encrypted and then Base64-converted.
All details are explained in the group script that can be edited using the "Open script..." button.
https://drive.google.com/file/d/1HHSfNp ... sp=sharing
Have fun...
Roland (golife)
Code: Select all
[attachment=0]login stack.PNG[/attachment]
-
- VIP Livecode Opensource Backer
- Posts: 9580
- Joined: Wed May 06, 2009 2:28 pm
- Location: New York, NY
Re: Mask a Password and reuse the text afterwards
Richmond.
"Richard" is you, and this is the second time I have misWritten your name. Careless, you know.
Craig
"Richard" is you, and this is the second time I have misWritten your name. Careless, you know.
Craig
-
- Livecode Opensource Backer
- Posts: 9287
- Joined: Fri Feb 19, 2010 10:17 am
- Location: Bulgaria
Re: Mask a Password and reuse the text afterwards
Serve my great-grandparents right for naming my Grandfather with his Mum's maiden name . . .
And before you say words such as 'Dixie' and 'Antebellum' that was in Scotland in 1896.
And before you say words such as 'Dixie' and 'Antebellum' that was in Scotland in 1896.
-
- VIP Livecode Opensource Backer
- Posts: 7215
- Joined: Sat Apr 08, 2006 8:31 pm
- Location: Minneapolis MN
- Contact:
Re: Mask a Password and reuse the text afterwards
I use the imageSource method which has the advantage of supporting all text editing features without displaying the actual text to the user. There is no need to manage backspace or any other control keys.
I also need to "use it later" because once the login credentials are entered I need to send it off to a server for validation before allowing the user to continue. This is easy because the data is regular field text. There are no copy functions in the app so the temporary text is secure. Once validated the entry is encrypted and stored on disk so that the user doesn't have to log in every time, and the text in the field is deleted.
I also need to "use it later" because once the login credentials are entered I need to send it off to a server for validation before allowing the user to continue. This is easy because the data is regular field text. There are no copy functions in the app so the temporary text is secure. Once validated the entry is encrypted and stored on disk so that the user doesn't have to log in every time, and the text in the field is deleted.
Jacqueline Landman Gay | jacque at hyperactivesw dot com
HyperActive Software | http://www.hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
-
- VIP Livecode Opensource Backer
- Posts: 9580
- Joined: Wed May 06, 2009 2:28 pm
- Location: New York, NY
Re: Mask a Password and reuse the text afterwards
Jacque.
We have spoken about the image source as a clean and easy method in the past.
Do you think there is no danger that the imageSource can be hacked? I have no idea; I never need to worry about Security , but I know you always do.
That is why Richmond, and then I, went the "No password left behind" way.
Craig
We have spoken about the image source as a clean and easy method in the past.
Do you think there is no danger that the imageSource can be hacked? I have no idea; I never need to worry about Security , but I know you always do.
That is why Richmond, and then I, went the "No password left behind" way.
Craig