Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Passwordchar not waterproof when copy pasted
Message
From
04/10/2006 05:09:30
Cetin Basoz
Engineerica Inc.
Izmir, Turkey
 
 
To
04/10/2006 04:46:20
Guillaume Engelen
T.M.L. Bvba
Ternat, Belgium
General information
Forum:
Visual FoxPro
Category:
Forms & Form designer
Title:
Re: Passwordchar not waterproof when copy pasted
Environment versions
Visual FoxPro:
VFP 9 SP1
OS:
Windows XP SP2
Network:
Windows 2003 Server
Database:
Visual FoxPro
Miscellaneous
Thread ID:
01159255
Message ID:
01159260
Views:
17
>When using a passwordchar, you can copy the masked contents using ctrl-c
>When you paste this in a textdocument, voila, the password is revealed.
>This seems a serious issue since all protection is bypassed using two keyboard commands.
>Is there a workaround for this?
>But keep in mind a user must be able to type in the textbox to change the password.
>
>Guillaume

If you have such a concern:
1) Intercept the key typed in keypress and store elsewhere, replace with an irrelevant char (ie: a constant '*' or space).
2) Use a web browser control.
3) Do not allow focus there and use on screen keyboard.

IMHO it shouldn't be an issue. If user A is typing his pwd and leaving site, someone else with physical access could simply press enter to gain entry and maybe change the password.

PS: For "remember me" style passwords what I do is to simply put there a long and irrelevant text. They can't steal the actual one with Ctrl+C/V.
Cetin
Çetin Basöz

The way to Go
Flutter - For mobile, web and desktop.
World's most advanced open source relational database.
.Net for foxheads - Blog (main)
FoxSharp - Blog (mirror)
Welcome to FoxyClasses

LinqPad - C#,VB,F#,SQL,eSQL ... scratchpad
Previous
Reply
Map
View

Click here to load this message in the networking platform