Custom Validation and UI component states

jason0816 · #1 07-16-2003, 10:13 AM

Part of the work that we do works with a StarTeam server.
Which requires the user to type in a password.

Storing passwords in plain text and displaying them as plain text of course can pose a security breach.

If it's possible, it would be nice to see, at mimimum, the "password" property of edit boxes being provided via the XML format provided (i.e. Password="1" within the field tag)

Ideally such an item would also perform trivial encryption to prevent a casual user from recovering the password from a build file by mere visual inspection.

pjaquiery · #2 07-16-2003, 03:41 PM

You could use some script to decode encripted passwords at run time. Fixes the casual user problem, but doesn't provide very much security as the script can be run interactively by an interested user.

jason0816 · #3 07-16-2003, 03:57 PM

My work around for now is to clear out the password after the script is executed. The data entry is still blatantly visible.

My primary concern is that a priveldeged users password could be read as plain text from the UI after it's been entered or as it is being entered.

Since no build scripts will be published here that contain passwords and user names, it's more a matter of a malicious intern or digruntled employee that I'm trying to provide minimal/trivial protection against... (i.e. I don't expect that we will have a problem, but it's a safety net , albeit a weak one...)

View Poll Results: How useful would "inter-field" validations be on custom action propety dialogs?
Very important! (needs aren't met due to the lack of this feature)	1	50.00%
Somewhat Important. (We have found ways around it, but we really want to have that feature)	0	0%
Unimportant. (However "nice" it would be we don't see our organization using it)	1	50.00%
What do you mean by "inter-field" validations?	0	0%
Voters: 2. You may not vote on this poll