Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

INTRAWEB SEQURE PASSWORDING

Posted on 2004-08-08
7
Medium Priority
?
828 Views
Last Modified: 2010-04-05
I know this can be done with Javascript, but I don't know how. And I really don't know how with intraweb.

When a Intraweb Edit control is placed on a page and Password is set, it displays "*" characters, but it probably still sends plain english between the HTTP Client and the intraweb app.

Using any method at all that will work nicely. How do I get the user to type a password and have it sent as MD5 and then evaluate it as MD5 in the intraweb app.

For Acceptance this answer must be directly related to an Intraweb Application form.


TIA

Kyley
0
Comment
Question by:KyleyHarris
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 11751445
The problem is client-side... On the clientside you can use a scripting language or an ActiveX control. The latter one is really gruesome. Thus JavaScripting is the only option here.

If you want to have a secure connection, use https:// instead of http:// since you definitely need a secure connection with passwords. Means you have to set up your server to allow secure connections.

Sorry but there's no solution for this from within the Delphi source. Delphi can only do stuff on the server while you want something done on the client. Client side is scripting or ActiveForms only.

Now, for IntraWeb you must create an inherited version of the editbox that you want to add. You must then alter the HTML code that this component will send to the client to include the MD5 encryption method. Not too easy... Therefore, I suggest using httpS:// instead. Easier to handle anyways. And pretty secure.
0
 
LVL 3

Author Comment

by:KyleyHarris
ID: 11751793
Thanks for your thoughts, but I do have a javascript for doing MD5 hashing. I simply do not know how to incorporate it into the edit control using the Javascript fields to modify the post data.
0
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 11752317
Oh, ok... Use a non-visible field in your form. When the form is submitted, you read the contents of the edit-field, hash it, empty the edit-field and put the hashed value in the non-visible field.

A hidden field is defined as <input type="hidden" ... If I'm not mistaken.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 3

Author Comment

by:KyleyHarris
ID: 11757325
Maybe I'm seeming a little naive. Sorry.

I understand the whole theory of it because I have examined the Yahoo Messenger Login Screen Source, and Downloaded the MD5.js javascript from
http://pajhome.org.uk/crypt/md5/
which has instuctions on use.

what I don't know is how to create a TIWForm and drop field onto it an work out what to do. :)

If I drop a TIWEdit onto the form with password = true the source generates a <input type="password"> .
If I put a TIWButton onto the form. By the time My code is looking at the TIWEdit.Text property from within the OnClick Event of the TIWButton I  would assume the following has happended

Client received page.
Client Typed clear password
Client Clicked Button
POST event submitted.
My DLL receives post data and calls onclick event and lets me do stuff
Page resent to client with any updates, etc.

Now in some even somewhere in the TIWForm or one of the controls there must be a specific event to insert a call to my javascript on the clientside to do what you
have mentioned above. Hide and clear the Text field. Add a hashed value into the hidden field. My question is how to do it with Intraweb.

Dropping a TIWEdit and setting the property visible to false will create the field.
Hope someone has used intraweb extensively

TIA
0
 
LVL 3

Author Comment

by:KyleyHarris
ID: 11827462
I solved this myself. Here is the answer.

On the Javascript property of TIWApplicationForm add the correct routines for MD5 encryption. I Used the yahoo ones as mentioned in the above hyperlink.

In the scriptevents property of the TIWButton that is the submit button add code to the onclick clientside event

EPASSWORDIWCL.value = hex_md5(HASHPASSWORDIWCL.value+EPASSWORDIWCL.value);
BTNLOGIN_onclick0();

This is based on intraweb 7, using a Edit Field called EPassword, and and Edit Field called HashPassword.

"hex_md5" is the javascript function from above.

HASHPassword was made hidden by overriding OnHTMLTag of HashPassword with

begin
    ATag.Params.Values['type'] := 'hidden';
end;

I will close this question without points as I had to work this out myself. Thanks for trying to assist.
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 11866607
Closed, 500 points refunded.
Netminder
Site Admin
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to create forms/units independent of other forms/units object names in a delphi project. Have you ever created a form for user input in a Delphi project and then had the need to have that same form in a other Delphi proj…
Have you ever had your Delphi form/application just hanging while waiting for data to load? This is the article to read if you want to learn some things about adding threads for data loading in the background. First, I'll setup a general applica…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Loops Section Overview
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question