search

pharo-graphics / Toplo

A widget framework on top of Bloc
MIT License
19 stars 9 forks source link

Typical password-like input field #202

Open tinchodias opened 3 weeks ago

tinchodias commented 3 weeks ago

@plantec how do you recommend implementing it?

plantec commented 3 weeks ago

you ask how to hide the text of the password ?

tinchodias commented 3 weeks ago

Not hide but replace by an asterisk each character.

El vie, 13 sept 2024 a la(s) 9:58 a.m., Alain Plantec ( @.***) escribió:

you ask how to hide the text of the password ?

— Reply to this email directly, view it on GitHub https://github.com/pharo-graphics/Toplo/issues/202#issuecomment-2348901486, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXHHKLRINZ6GRAZP3ERJPLZWLOPBAVCNFSM6AAAAABOEEEUU6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNBYHEYDCNBYGY . You are receiving this because you authored the thread.Message ID: @.***>

plantec commented 2 weeks ago

maybe there is a font for that

Nyan11 commented 1 week ago

If you only change the font, could you copy/paste the password ? If yes, would it make it a security issue ?

tinchodias commented 6 days ago

Both are good points :)

For Morphic backend, that is always a reference implementation, it is a font. See RubTextFieldMorph>>#beEncrypted:

beEncrypted
    encrypted := true.
    self textMorph font: (StrikeFont passwordFontSize: self theme textFont pointSize)

where that font is:

Screenshot 2024-09-27 at 13 05 56

I don't know of an existing analogous way to do it for Bloc.

In Morphic, you CAN copy to clipboard (and paste the entered string).

You can test it with:

m := SpRubTextFieldMorph new.
m encrypted: true.
m openInWindow.

and wrapped in Spec:

text := SpTextInputFieldPresenter new.
text bePassword.
text open.

As a reference in HTML, I tested the password input field in this webpage: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/password on a Macbook, in Chrome, Firefox and Safari. In all cases, the CMD+c was ignored. This should be possible to implement. In Morphic, by avoiding the execution of RubTextEditor>>#copySelection when the shortcut is pressed, or when menu item pressed on context menu.

plantec commented 6 days ago

security ? ok disabling the shortcut can be done easily and it is mandatory to do it for a password textfield. but it will very easy to hack any image with a script that catch the passwd textfield content ☺️

tinchodias commented 2 days ago

Ok! I'd be nice to disable the copy shortcut (not paste!). In an image with IDE tools disabled, the password will be safe from user point of view.

El sáb, 28 sept 2024 a la(s) 6:06 a.m., Alain Plantec ( @.***) escribió:

security ? ok disabling the shortcut can be done easily and it is mandatory to do it for a password textfield. but it will very easy to hack any image with a script that catch the passwd textfield content ☺️

— Reply to this email directly, view it on GitHub https://github.com/pharo-graphics/Toplo/issues/202#issuecomment-2380575336, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXHHKNRMHZWQVVZ6UDGPUDZYZWRXAVCNFSM6AAAAABOEEEUU6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGOBQGU3TKMZTGY . You are receiving this because you authored the thread.Message ID: @.***>