password displaying in debug mode

Author: lalitpct@gmail.com (lalitpct)

In our application, when we start the Uniface application in debug mode and evaluate the password while debugging, it displays the actual password.

Is there any way to avoid this... some sort of encryption?

8 Comments

  1. Hi Lalit,

    Naturally the debugger shows the value of a password field.
    For Uniface it is a field like all other fields.

    It sounds like you also store passwords without encrypting them.
    That is a really dangerous thing to do.
    Have a look at $encrypt and $decrypt to see how you can store encrypted passwords in the database etc.
    Then you also will only see encrypted values in the debugger.


    Author: Theo Neeskens (tneeskens@itblockz.nl)
  2. Hi Lalit,

    I think you are talking about the return of the $password function.

    Unfortunately, the debugger evaluates functions in the same way as the normal code will do.

    If you are not talking about the $password function but a variable containing a password:

    The debugger just displays the content of some area in memory and does not care about security.
    But here you can decide to use encrypted passwords internally (but have a decrypt function at hand).

    So the very best way is to stop people using the debugger in production environments:

    - compile with /nodebug
    - rename the debugger executable

    Uli

     


    Author: ulrich-merkel (ulrichmerkel@web.de)
  3. So Lalit,
    Is your problem that you don't want end users to debug the application?
    Or are you trying to hide the user's password from the developer?
    Or ...??


    Author: Theo Neeskens (tneeskens@itblockz.nl)
  4. I was looking for encrypting the password in debug mode, meaning the user should see some stars or a junk value.

    A password should not be treated like a normal variable where we can evaluate the value at run time.

     


    Author: lalitpct (lalitpct@gmail.com)
  5. Still don't understand "encrypting password in debug mode"


    Author: Theo Neeskens (tneeskens@itblockz.nl)
  6. Actually, I was under the impression that while debugging we can mask the password, as at present when I try to evaluate the variable which stores the password, it shows the exact password.


    Author: lalitpct (lalitpct@gmail.com)
  7. There is no functionality in Uniface to mask the value of a variable in the debugger.


    Author: Theo Neeskens (tneeskens@itblockz.nl)
  8. Oh OK, thanks for the help.


    Author: lalitpct (lalitpct@gmail.com)