Solved

INTRAWEB SEQURE PASSWORDING

Posted on 2004-08-08
7
817 Views
Last Modified: 2010-04-05
I know this can be done with Javascript, but I don't know how. And I really don't know how with intraweb.

When a Intraweb Edit control is placed on a page and Password is set, it displays "*" characters, but it probably still sends plain english between the HTTP Client and the intraweb app.

Using any method at all that will work nicely. How do I get the user to type a password and have it sent as MD5 and then evaluate it as MD5 in the intraweb app.

For Acceptance this answer must be directly related to an Intraweb Application form.


TIA

Kyley
0
Comment
Question by:KyleyHarris
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 11751445
The problem is client-side... On the clientside you can use a scripting language or an ActiveX control. The latter one is really gruesome. Thus JavaScripting is the only option here.

If you want to have a secure connection, use https:// instead of http:// since you definitely need a secure connection with passwords. Means you have to set up your server to allow secure connections.

Sorry but there's no solution for this from within the Delphi source. Delphi can only do stuff on the server while you want something done on the client. Client side is scripting or ActiveForms only.

Now, for IntraWeb you must create an inherited version of the editbox that you want to add. You must then alter the HTML code that this component will send to the client to include the MD5 encryption method. Not too easy... Therefore, I suggest using httpS:// instead. Easier to handle anyways. And pretty secure.
0
 
LVL 3

Author Comment

by:KyleyHarris
ID: 11751793
Thanks for your thoughts, but I do have a javascript for doing MD5 hashing. I simply do not know how to incorporate it into the edit control using the Javascript fields to modify the post data.
0
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 11752317
Oh, ok... Use a non-visible field in your form. When the form is submitted, you read the contents of the edit-field, hash it, empty the edit-field and put the hashed value in the non-visible field.

A hidden field is defined as <input type="hidden" ... If I'm not mistaken.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:KyleyHarris
ID: 11757325
Maybe I'm seeming a little naive. Sorry.

I understand the whole theory of it because I have examined the Yahoo Messenger Login Screen Source, and Downloaded the MD5.js javascript from
http://pajhome.org.uk/crypt/md5/
which has instuctions on use.

what I don't know is how to create a TIWForm and drop field onto it an work out what to do. :)

If I drop a TIWEdit onto the form with password = true the source generates a <input type="password"> .
If I put a TIWButton onto the form. By the time My code is looking at the TIWEdit.Text property from within the OnClick Event of the TIWButton I  would assume the following has happended

Client received page.
Client Typed clear password
Client Clicked Button
POST event submitted.
My DLL receives post data and calls onclick event and lets me do stuff
Page resent to client with any updates, etc.

Now in some even somewhere in the TIWForm or one of the controls there must be a specific event to insert a call to my javascript on the clientside to do what you
have mentioned above. Hide and clear the Text field. Add a hashed value into the hidden field. My question is how to do it with Intraweb.

Dropping a TIWEdit and setting the property visible to false will create the field.
Hope someone has used intraweb extensively

TIA
0
 
LVL 3

Author Comment

by:KyleyHarris
ID: 11827462
I solved this myself. Here is the answer.

On the Javascript property of TIWApplicationForm add the correct routines for MD5 encryption. I Used the yahoo ones as mentioned in the above hyperlink.

In the scriptevents property of the TIWButton that is the submit button add code to the onclick clientside event

EPASSWORDIWCL.value = hex_md5(HASHPASSWORDIWCL.value+EPASSWORDIWCL.value);
BTNLOGIN_onclick0();

This is based on intraweb 7, using a Edit Field called EPassword, and and Edit Field called HashPassword.

"hex_md5" is the javascript function from above.

HASHPassword was made hidden by overriding OnHTMLTag of HashPassword with

begin
    ATag.Params.Values['type'] := 'hidden';
end;

I will close this question without points as I had to work this out myself. Thanks for trying to assist.
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 11866607
Closed, 500 points refunded.
Netminder
Site Admin
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The uses clause is one of those things that just tends to grow and grow. Most of the time this is in the main form, as it's from this form that all others are called. If you have a big application (including many forms), the uses clause in the in…
Have you ever had your Delphi form/application just hanging while waiting for data to load? This is the article to read if you want to learn some things about adding threads for data loading in the background. First, I'll setup a general applica…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question