Author Topic: INVISIBLE attribute  (Read 9460 times)
Tim B.
Posts: 67


« on: December 01, 2008, 11:31:58 am »

Just a small point - this attribute replaces WIDGET="password" and now displays asterisks instead of letters, but I notice that it displays the actual number of asterisks that the underlying data contains rather than a fixed number (like many other programs do).  This is a bit of a security hole because it gives away the number of characters in someone's password or whatever it is that is being hidden.
Sebastien F.
Four Js
Posts: 509


« Reply #1 on: December 04, 2008, 04:35:23 pm »

Tim,

We mimic the Informix 4gl attribute so this will certainly never change.

From Informix 4gl doc:

Quote
INVISIBLE

The INVISIBLE attribute prevents user-entered data from being echoed on the
screen during a CONSTRUCT, INPUT, INPUT ARRAY, or PROMPT statement.

Usage

Characters that the user enters in a field with this attribute are not displayed
during data entry, but the cursor moves through the field as the user types.
Seb
Tim B.
Posts: 67


« Reply #2 on: December 04, 2008, 04:44:18 pm »

The difference was though that INVISIBLE in BDS (and I suspect Informix) displayed nothing.  Genero is displaying asterisks (LIKE CLASS=PASSWORD).

This issue isn't with data entry though, it is the re-displaying of INVISIBLE fields afterwards, as they tell you how many characters are in the 'INVISIBLE' field.
Sebastien F.
Four Js
Posts: 509


« Reply #3 on: December 04, 2008, 04:53:31 pm »

Good point.
I believe we need to use * asterisks in GUI mode because the runtime system truncates values returned by the front-end...
Maybe we could use the cursor position...
I could file a bug to track this issue, but I doubt we will fix this soon.
Note that Gnome and Windows session login dialogs display asterisks or points, so I believe in GUI mode this is typical.

Seb
Tim B.
Posts: 67


« Reply #4 on: December 05, 2008, 10:39:26 am »

Asterisks are fine, but most apps would fill the field with asterisks so you couldn't tell the length (when simply displaying data).

I'm not particularly worried about it.  I just noticed it while converting one of our programs and thought it needed pointing out as a security issue.