Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

INTRAWEB SEQURE PASSWORDING

Posted on 2004-08-08
7
811 Views
Last Modified: 2010-04-05
I know this can be done with Javascript, but I don't know how. And I really don't know how with intraweb.

When a Intraweb Edit control is placed on a page and Password is set, it displays "*" characters, but it probably still sends plain english between the HTTP Client and the intraweb app.

Using any method at all that will work nicely. How do I get the user to type a password and have it sent as MD5 and then evaluate it as MD5 in the intraweb app.

For Acceptance this answer must be directly related to an Intraweb Application form.


TIA

Kyley
0
Comment
Question by:KyleyHarris
  • 3
  • 2
7 Comments
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 11751445
The problem is client-side... On the clientside you can use a scripting language or an ActiveX control. The latter one is really gruesome. Thus JavaScripting is the only option here.

If you want to have a secure connection, use https:// instead of http:// since you definitely need a secure connection with passwords. Means you have to set up your server to allow secure connections.

Sorry but there's no solution for this from within the Delphi source. Delphi can only do stuff on the server while you want something done on the client. Client side is scripting or ActiveForms only.

Now, for IntraWeb you must create an inherited version of the editbox that you want to add. You must then alter the HTML code that this component will send to the client to include the MD5 encryption method. Not too easy... Therefore, I suggest using httpS:// instead. Easier to handle anyways. And pretty secure.
0
 
LVL 3

Author Comment

by:KyleyHarris
ID: 11751793
Thanks for your thoughts, but I do have a javascript for doing MD5 hashing. I simply do not know how to incorporate it into the edit control using the Javascript fields to modify the post data.
0
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 11752317
Oh, ok... Use a non-visible field in your form. When the form is submitted, you read the contents of the edit-field, hash it, empty the edit-field and put the hashed value in the non-visible field.

A hidden field is defined as <input type="hidden" ... If I'm not mistaken.
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 
LVL 3

Author Comment

by:KyleyHarris
ID: 11757325
Maybe I'm seeming a little naive. Sorry.

I understand the whole theory of it because I have examined the Yahoo Messenger Login Screen Source, and Downloaded the MD5.js javascript from
http://pajhome.org.uk/crypt/md5/
which has instuctions on use.

what I don't know is how to create a TIWForm and drop field onto it an work out what to do. :)

If I drop a TIWEdit onto the form with password = true the source generates a <input type="password"> .
If I put a TIWButton onto the form. By the time My code is looking at the TIWEdit.Text property from within the OnClick Event of the TIWButton I  would assume the following has happended

Client received page.
Client Typed clear password
Client Clicked Button
POST event submitted.
My DLL receives post data and calls onclick event and lets me do stuff
Page resent to client with any updates, etc.

Now in some even somewhere in the TIWForm or one of the controls there must be a specific event to insert a call to my javascript on the clientside to do what you
have mentioned above. Hide and clear the Text field. Add a hashed value into the hidden field. My question is how to do it with Intraweb.

Dropping a TIWEdit and setting the property visible to false will create the field.
Hope someone has used intraweb extensively

TIA
0
 
LVL 3

Author Comment

by:KyleyHarris
ID: 11827462
I solved this myself. Here is the answer.

On the Javascript property of TIWApplicationForm add the correct routines for MD5 encryption. I Used the yahoo ones as mentioned in the above hyperlink.

In the scriptevents property of the TIWButton that is the submit button add code to the onclick clientside event

EPASSWORDIWCL.value = hex_md5(HASHPASSWORDIWCL.value+EPASSWORDIWCL.value);
BTNLOGIN_onclick0();

This is based on intraweb 7, using a Edit Field called EPassword, and and Edit Field called HashPassword.

"hex_md5" is the javascript function from above.

HASHPassword was made hidden by overriding OnHTMLTag of HashPassword with

begin
    ATag.Params.Values['type'] := 'hidden';
end;

I will close this question without points as I had to work this out myself. Thanks for trying to assist.
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 11866607
Closed, 500 points refunded.
Netminder
Site Admin
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how to center only a line in richedit? 4 61
Working with hours 3 65
LAN or WAN ? 11 95
FMX TEdit KeyUp handler detecting  "enter" key 4 14
A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question