Four Js Development Tools Forum

Discussions by product => Genero BDL => Topic started by: Tim B. on December 01, 2008, 11:31:58 am



Title: INVISIBLE attribute
Post by: Tim B. on December 01, 2008, 11:31:58 am
Just a small point - this attribute replaces WIDGET="pasword" and now displays asterisks instead of letters, but I notice that it displays the actual number of asterisks that the underlying data contains rather than a fixed number (like many other programs do).  This is a bit of a security hole because it gives away the number of characters in someone's password or whatever it is that is being hidden.


Title: Re: INVISIBLE attribute
Post by: Sebastien F. on December 04, 2008, 04:35:23 pm
Tim,

We mimic the Informix 4gl attribute so this will certainly never change.

From Informix 4gl doc:

Quote
INVISIBLE

The INVISIBLE attribute prevents user-entered data from being echoed on the
screen during a CONSTRUCT, INPUT, INPUT ARRAY, or PROMPT statement.

Usage

Characters that the user enters in a field with this attribute are not displayed
during data entry, but the cursor moves through the field as the user types.

Seb


Title: Re: INVISIBLE attribute
Post by: Tim B. on December 04, 2008, 04:44:18 pm
The difference was though that INVISIBLE in BDS (and I suspect Informix) displayed nothing.  Genero is displaying asterisks (LIKE CLASS=PASSWORD).

This issue isn't with data entry though, it is the re-displaying of INVISIBLE fields afterwards, as they tell you how many characters are in the 'INVISIBLE' field.


Title: Re: INVISIBLE attribute
Post by: Sebastien F. on December 04, 2008, 04:53:31 pm
Good point.
I believe we need to use * asterisks in GUI mode because the runtime system truncates values returned by the front-end...
Maybe we could use the cursor position...
I could file a bug to track this issue, but I doubt we will fix this soon.
Note that Gnome and Windows session login dialogs display asterisks or points, so I believe in GUI mode this is typical.

Seb


Title: Re: INVISIBLE attribute
Post by: Tim B. on December 05, 2008, 10:39:26 am
Asterisks are fine, but most apps would fill the field with asterisks so you couldn't tell the length (when simply displaying data).

I'm not particularly worried about it.  I just noticed it while converting one of our programs and thought it needed pointing out as a security issue.