Solved

INTRAWEB SEQURE PASSWORDING

Posted on 2004-08-08
7
808 Views
Last Modified: 2010-04-05
I know this can be done with Javascript, but I don't know how. And I really don't know how with intraweb.

When a Intraweb Edit control is placed on a page and Password is set, it displays "*" characters, but it probably still sends plain english between the HTTP Client and the intraweb app.

Using any method at all that will work nicely. How do I get the user to type a password and have it sent as MD5 and then evaluate it as MD5 in the intraweb app.

For Acceptance this answer must be directly related to an Intraweb Application form.


TIA

Kyley
0
Comment
Question by:KyleyHarris
  • 3
  • 2
7 Comments
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 11751445
The problem is client-side... On the clientside you can use a scripting language or an ActiveX control. The latter one is really gruesome. Thus JavaScripting is the only option here.

If you want to have a secure connection, use https:// instead of http:// since you definitely need a secure connection with passwords. Means you have to set up your server to allow secure connections.

Sorry but there's no solution for this from within the Delphi source. Delphi can only do stuff on the server while you want something done on the client. Client side is scripting or ActiveForms only.

Now, for IntraWeb you must create an inherited version of the editbox that you want to add. You must then alter the HTML code that this component will send to the client to include the MD5 encryption method. Not too easy... Therefore, I suggest using httpS:// instead. Easier to handle anyways. And pretty secure.
0
 
LVL 3

Author Comment

by:KyleyHarris
ID: 11751793
Thanks for your thoughts, but I do have a javascript for doing MD5 hashing. I simply do not know how to incorporate it into the edit control using the Javascript fields to modify the post data.
0
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 11752317
Oh, ok... Use a non-visible field in your form. When the form is submitted, you read the contents of the edit-field, hash it, empty the edit-field and put the hashed value in the non-visible field.

A hidden field is defined as <input type="hidden" ... If I'm not mistaken.
0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 
LVL 3

Author Comment

by:KyleyHarris
ID: 11757325
Maybe I'm seeming a little naive. Sorry.

I understand the whole theory of it because I have examined the Yahoo Messenger Login Screen Source, and Downloaded the MD5.js javascript from
http://pajhome.org.uk/crypt/md5/
which has instuctions on use.

what I don't know is how to create a TIWForm and drop field onto it an work out what to do. :)

If I drop a TIWEdit onto the form with password = true the source generates a <input type="password"> .
If I put a TIWButton onto the form. By the time My code is looking at the TIWEdit.Text property from within the OnClick Event of the TIWButton I  would assume the following has happended

Client received page.
Client Typed clear password
Client Clicked Button
POST event submitted.
My DLL receives post data and calls onclick event and lets me do stuff
Page resent to client with any updates, etc.

Now in some even somewhere in the TIWForm or one of the controls there must be a specific event to insert a call to my javascript on the clientside to do what you
have mentioned above. Hide and clear the Text field. Add a hashed value into the hidden field. My question is how to do it with Intraweb.

Dropping a TIWEdit and setting the property visible to false will create the field.
Hope someone has used intraweb extensively

TIA
0
 
LVL 3

Author Comment

by:KyleyHarris
ID: 11827462
I solved this myself. Here is the answer.

On the Javascript property of TIWApplicationForm add the correct routines for MD5 encryption. I Used the yahoo ones as mentioned in the above hyperlink.

In the scriptevents property of the TIWButton that is the submit button add code to the onclick clientside event

EPASSWORDIWCL.value = hex_md5(HASHPASSWORDIWCL.value+EPASSWORDIWCL.value);
BTNLOGIN_onclick0();

This is based on intraweb 7, using a Edit Field called EPassword, and and Edit Field called HashPassword.

"hex_md5" is the javascript function from above.

HASHPassword was made hidden by overriding OnHTMLTag of HashPassword with

begin
    ATag.Params.Values['type'] := 'hidden';
end;

I will close this question without points as I had to work this out myself. Thanks for trying to assist.
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 11866607
Closed, 500 points refunded.
Netminder
Site Admin
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Delphi Dbf export problem to a Visual Foxpro application 6 188
Printing problem 2 91
find a node in VST 2 68
Tidtcpserver listening on multiports? 1 27
Objective: - This article will help user in how to convert their numeric value become words. How to use 1. You can copy this code in your Unit as function 2. than you can perform your function by type this code The Code   (CODE) The Im…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question