10 Replies Latest reply on Feb 11, 2011 4:33 AM by james.gould

    password like field (*****)

    thezed

      Title

      password like field (*****)

      Post

       

      Hi - I'm looking for a way to have a field that displays **** when data is entered, like a password field would. This is for a custom login layout.

       

      Many thanks,

      Z. 

       

        • 1. Re: password like field (*****)
          kapitaen_1
            

          no chance for *** password field.

          but a simple workaround is black text on black background.

           

          greetings from germany

          chris 

          • 2. Re: password like field (*****)
            Orlando
              

            Hi thezed

             

            If your using FileMaker 10 have a look at this.

             

            Database Pros

             

            -- Orlando 

            • 3. Re: password like field (*****)
              LaRetta_1
                

              thezed wrote:

               

              Hi - I'm looking for a way to have a field that displays **** when data is entered, like a password field would. This is for a custom login layout.


              Custom login is very dangerous and it isn't recommended because any time you place text in a field (whether global or font changed to same color as background), you risk exposing your file to improper access.  You REALLY should use standard Accounts & Privileges.  But if security isn't that important and you just want to handle login then Show Custom Dialog (Input tab) allows entry but displays password characters.


              • 4. Re: password like field (*****)
                etripoli
                   How about a series of buttons, like a pin pad, instead of an text field.  Then you could setup a calculation field to display the correct number of * or •
                • 5. Re: password like field (*****)
                  LaRetta_1
                     There are also fonts which produce *.  But I would never use ANY of these approaches.  Data is too important and should be properly protected using Privileges.
                  • 6. Re: password like field (*****)
                    ninja
                      

                    Howdy thezed,

                     

                    With a purchased copy of FMP advanced, and a working knowledge of FMP, there aren't many custom login layouts that can't be cracked wide open in a matter of minutes.

                     

                    I understand why you would want one...the standard login looks pretty boring...but if you've already thought twice, please think a third time.  Custom login isn't secure.  Use the accounts and privileges system built in, no matter how boring they look.

                     

                    There are cases where custom login is the only way to go, but they are very few and very far between.  If you can use the login feature built in, you should use it.  If it flat out isn't possible, only then consider another option.

                     

                    My two cents...enjoy the day!

                    • 7. Re: password like field (*****)
                      edusouza
                        

                      Hello, Thezed and all,

                       

                      My two cents, in case you don't mind.

                      I agree with Ninja and LaRetta: you should use FMP's native Account & Privileges whenever possible.

                      An alternative, but just in case you're using Mac OS X, is to develop your security measures outside FMP.

                      I developed a hybrid solution (FMP, Flash, and MySQL) for Mac-only where I programmed AppleScript to take the security task. A good thing about AppleScript is that it may access invisible files saved in any local or network disk, and it has the ability do the password •••••.

                      So, if you're developing your solution in an OS X - only environment, AppleScript is perhaps the way to go.

                       

                      (note: you'll see a lot of my posts making reference to Apple's native scripting language, for I'm an AppleScript fanatic) :)

                       

                      You may find some examples at MacScripter. However, and just for your fun (in case you DO use a Mac running OS X 10.3.x +), here is a very basic example:

                       

                       

                      set my_name to "Thezed in doubt"

                      set my_pass to text returned of (display dialog "Enter password for " & ¬

                           quoted form of my_name ¬

                           with title ¬

                           "Password Window Test" with icon stop ¬

                           default answer ¬

                           "justatest" buttons {"Continue…"} ¬

                           default button 1 ¬

                           with hidden answer)

                      Paste the code above into an empty Script Editor document, and run. By the way, the password for this example is "justatest".

                       

                      I hope I may've been of any help.

                       

                      Cheers! 

                       

                      • 8. Re: password like field (*****)
                        thezed
                          

                        Great script there Orlando, just what I needed thanks!

                        Z. 

                        • 9. Re: password like field (*****)
                          thezed
                            

                          Thanks to all of you for your comments. i am however not relly concerned with the security. The file is hosted on an internal server, we are only 6 people using the file and I have no confidential data on it (at least internally).

                          So the custom login looks nice and allows me to redirect every user to a personalized homepage with only the links he most needs.

                           

                          Thanks again,

                          Z. 

                          • 10. Re: password like field (*****)
                            james.gould

                            Personally I'm not sure how a custom login makes the system in secure?

                            My system forces everybody into a read-only account for which they have to login in the normal way (so you need a password to even enter read-only mode - this is handled by the in-built login system). Once the user is reading, if they want to update a record they have to re-login, which in FMP is handled by the re-login script step and the usual Filemaker dialog.

                            However dialog boxes are not supported by IWP - which is where I had a problem. So I made a login page for the username and a (white on white) password field. This is then taken by a script and used to log the user into an account with editing privileges.

                            Obviously the white on white is lacking security given that selecting the text allows you to both see it and copy and paste, but other than that I can't see any security vulnerabilities since the script immediately uses the password to login to the new account and then deletes the password from the text field.

                            Everybody seems to be saying that custom logins are insecure, what am I overlooking?

                            Thanks,

                            James.