LiveCode Forums.

Dictionary definition of "password" property tells that scripts and custom properties in a password-protected stack are all encrypted.
It's true for scripts - until you don't type the password, you can't see scripts.
But after run in msg box the command: the stack custom properties are still possible to view their names and values in property inspector.

Is it a bug, or I missed something? How can I protect them?

Marek

The Dictionary entry for the password property includes:

If the password property of a stack is not empty, all the text in the stack is encrypted (so that it cannot be read in another program, such as a text editor). Scripts, custom properties, text in fields or buttons, and object names in a password-protected stack are all encrypted. However, you can still open the stack, see the contents, and get object properties.

To encrypt custom property values you can use the built-in encrypt and decrypt functions.

Thanks a lot Richard. It was not clear for me that custom property is encrypted, but you can see it. It should be encrypted also (custom only). But good to know and be sure.

Marek

When the password of a stack is set, custom properties are encrypted on disk along with the scripts, which prevents other programs from reading their values from disk. At runtime only scripts remain inaccessible because every object has only one script but can have any number of custom properties, even millions, so decrypting them all would be problematic. So the solution is to allow the developer to decide which properties also need to be encrypted at runtime, and to use the build-in encrypt and decrypt functions as needed.

Richard,
Password encryption for Livecode edits can only be done on the Stack Script level? Or should I say that encryption defaults to the stack level.
I was wondering if encryption could be just done on object's script only, although I haven't truly thought of why at this time. Just my mind exploring, I guess.

I know I must be doing something wrong. In the message window, if I type

set the password of this stack to "foo"; answer the password of this stack;

i see a response of true, not of foo. What am I missing? this seems like it should be so simple.

I don't believe the password itself is retrievable, for security reasons.

Richard is correct (as far as I have been able to ascertain), If passwords are coded in, that is the only way to retrieve them, you get an answer of 'true' because there is a password. If you don't put a password and type the same message, you will see 'false'.

Hi Mark,

welcome to the forum!

markhinnebusch wrote: ↑

Thu May 17, 2018 11:17 pm

...
answer the password of this stack
...

Be honest, would you use any programming environment where this is really working?
I wouldn't!

Best

Klaus