What would be a good technique to partially display and store sensitive information like passwords or API keys?
In “browse” mode: show the decrypted value from database like a*********123
In “edit” mode: possibility to change this value. Of course, I want to avoid that when going in edit mode, the actual credential is fully shown just by having linked the dataprovider to that field.
I am looking for a generic approach, we have dynamic forms that might contain these fields, so really working with events to show/hide fields or to work with local variables masking the values is not the preferred way
Thanks!
You could use a form variable for this?
In the onShow/onRecordSelection you can set this value to ‘a*******123’
In edit mode it will show the same, if you start typing you can see the credentials (or set the field type to display type ‘password’)
Then use the onDataChange to write a newValue into the actual column.
Personally I would never expose any character of sensitive information nor indication of the length.
Anything will help unauthorised people to know the actual data.
Hope this helps
Hi Marc,
Thank you for the answer.
You might be right about exposing any information about sensitive information.
I was somehow hoping for a server-side solution like “onRender” that masks the information sent to the client in a way that I don’t have to worry about datachange, locals, etc.
Server => client: mask the value, maybe even like *****
Client => server: act like a normal textbox with a dataprovider
Thanks
Robrecht
For user passwords, you should never store them, only store a salted hash of the passwords. Then you salt and hash the user input and compare it to stored salt/hashed version to see if it matches.
For other stuff like API keys or passwords to external things, if you must store it in your database, then you could also consider a global method column converter on the column. So you store it Blowfish-encrypted in the db, display it like ***123 via decrypting it and masking it, and then when the user edits it, you check if it's masked, and if not, assume a new value, and then re-encrypt it and store it, which would make it re-render with the masked value. Marc’s suggestion of a form variable also works.
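
The masked round-trip described in the last reply, as an added example that is not part of the thread and not Servoy code: plain Node.js, with hypothetical function names, a key generated in-process for the demo, and AES-256-GCM from Node's `crypto` module swapped in for the Blowfish the reply mentions. A converter on the column would call `toClient` when reading and `fromClient` when writing.

```javascript
// Added example; every function name here is hypothetical, not a Servoy API.
const nodeCrypto = require('node:crypto');

const MASK = '********';                // fixed length: reveals nothing about the secret's length
const KEY = nodeCrypto.randomBytes(32); // demo key; assumption: a real one comes from a key store

// AES-256-GCM, stored as base64 "iv.tag.ciphertext"
function encrypt(plain) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', KEY, iv);
  const ct = Buffer.concat([cipher.update(plain, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64')).join('.');
}

function decrypt(stored) {
  const [iv, tag, ct] = stored.split('.').map((s) => Buffer.from(s, 'base64'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', KEY, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Server => client: only the masked form ever leaves the server.
// showLast = 0 sends the bare mask; a tail is shown only for long secrets.
function toClient(stored, showLast = 0) {
  if (!stored) return '';
  const plain = decrypt(stored);
  const tail = showLast > 0 && plain.length >= 4 * showLast ? plain.slice(-showLast) : '';
  return MASK + tail;
}

// Client => server: returns the value to write to the column.
function fromClient(submitted, stored, showLast = 0) {
  // Field untouched: the client echoed the mask back, keep the ciphertext.
  if (stored && submitted === toClient(stored, showLast)) return stored;
  // Mask partly typed over: refuse, or the mask would be saved as the secret.
  if (submitted.startsWith(MASK)) throw new Error('masked value was edited, retype the full secret');
  return encrypt(submitted); // anything else is a new secret
}
```

Because the field only ever holds the mask, binding it directly to the converted column never puts the plaintext on the client, in browse or edit mode.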