On 2/28/12 10:56 AM, Joe Lewis Wilkins wrote:
Why are strings encrypted?
Not all strings are, but passwords should be so that they are not readable by anyone. You really don't want your bank storing your password as plain text, where a hacker could get it and wipe out your bank account.
Some stacks use passwords to verify that the user has the right to run the stack. The password must be stored somewhere so your scripts can compare it to whatever the user enters. If you don't use an encrypted password, the plain text password must be stored and if the stack itself is not password protected then anyone with a text editor can see the password and get in.
If my password is "parrot", then I can either store that word and risk its discovery, or I can use "ask password" to encrypt it so that it's obscured. After encryption "parrot" becomes: =h`//q . That's the string you store in the stack for later comparisons. If a user enters the encrypted text in the password dialog it won't work, only "parrot" will.
It isn't really complicated to use; just store whatever "ask password" returns. After that, comparing the user entry to your stored password is identical to using a non-encrypted one.
-- Jacqueline Landman Gay | jac...@hyperactivesw.com HyperActive Software | http://www.hyperactivesw.com _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
