![]() | ![]() Products ![]() ![]() ![]() ![]() |
Home » Technical Support » Elevate Web Builder Technical Support » Support Forums » Elevate Web Builder General » View Thread |
Messages 1 to 10 of 15 total |
![]() |
Fri, May 5 2017 9:10 AM | Permanent Link |
Huseyin Aliz myBiss ApS | Hi All,
I am currently trying to implement a "remember me" function to keep username/password for the user. If i not wrong localstorage can be used for this purpose. I am using following code in the login process validation: if (RememberMe.SelectionState = ssSelected) then begin LocalStorage.Set('User', Dataset.columns['Login'].asString); LocalStorage.Set('Pw', Dataset.columns['Password'].asString); end; if (RememberMe.SelectionState <> ssSelected) then begin LocalStorage.Set('User', ''); LocalStorage.Set('Pw', ''); end; And this on formshow event: if LocalStorage.Exists('User') then UsernameEdit.text := Localstorage.Items['User']; if LocalStorage.Exists('Pw') then PasswordEdit.text := Localstorage.Items['Pw']; But nothing seems to be saved? Regards, Hüseyin |
Fri, May 5 2017 9:20 AM | Permanent Link |
Matthew Jones | Hüseyin Aliz wrote:
> Hi All, > > I am currently trying to implement a "remember me" function to keep username/password for the user. If i not wrong localstorage can be used for this purpose. > > I am using following code in the login process validation: > > if (RememberMe.SelectionState = ssSelected) then begin > LocalStorage.Set('User', Dataset.columns['Login'].asString); > LocalStorage.Set('Pw', Dataset.columns['Password'].asString); > end; > if (RememberMe.SelectionState <> ssSelected) then begin > LocalStorage.Set('User', ''); > LocalStorage.Set('Pw', ''); > end; > > And this on formshow event: > > if LocalStorage.Exists('User') then UsernameEdit.text := Localstorage.Items['User']; > if LocalStorage.Exists('Pw') then PasswordEdit.text := Localstorage.Items['Pw']; > > But nothing seems to be saved? > > Regards, > Hüseyin That all looks right to me. Note there is a .Clear('User') which should help for not storing. Have a look in the browser debug and you should see them. I think for passwords you should "munge" them a little to stop them being immediately visible to anyone digging. -- Matthew Jones |
Fri, May 5 2017 1:35 PM | Permanent Link |
Uli Becker | > But nothing seems to be saved?
As Matthew stated, your code seems to be correct. I don't know the context of your code, but I would check first (Showmessage) if Dataset.columns['Login'].asString and Dataset.columns['Password'].asString contain values. Uli |
Fri, May 5 2017 4:53 PM | Permanent Link |
Ronald | Uli Becker wrote:
>As Matthew stated, your code seems to be correct. Maybe your browser clears the cache on exit? This is an option in Exporer, maybe it is set in yours. Ronald |
Sat, May 6 2017 6:09 AM | Permanent Link |
Huseyin Aliz myBiss ApS | Hi All,
Thanks all, the code was ok, as you all pointed out, it began to work after i moved the localstorage.set section to another place where username/pw was set correctly from the dataset. Regards, Hüseyin Den 05-05-2017 kl. 22:53 skrev Ronald: > Uli Becker wrote: > >> As Matthew stated, your code seems to be correct. > Maybe your browser clears the cache on exit? This is an option in Exporer, maybe it is set in yours. > > Ronald > |
Sat, May 6 2017 6:10 AM | Permanent Link |
Huseyin Aliz myBiss ApS | Matthew,
Can you please give some examples how to "munge" the password? ![]() Thanks in advance. Regards, Hüseyin Den 05-05-2017 kl. 15:20 skrev Matthew Jones: > Hüseyin Aliz wrote: > >> Hi All, >> >> I am currently trying to implement a "remember me" function to keep username/password for the user. If i not wrong localstorage can be used for this purpose. >> >> I am using following code in the login process validation: >> >> if (RememberMe.SelectionState = ssSelected) then begin >> LocalStorage.Set('User', Dataset.columns['Login'].asString); >> LocalStorage.Set('Pw', Dataset.columns['Password'].asString); >> end; >> if (RememberMe.SelectionState <> ssSelected) then begin >> LocalStorage.Set('User', ''); >> LocalStorage.Set('Pw', ''); >> end; >> >> And this on formshow event: >> >> if LocalStorage.Exists('User') then UsernameEdit.text := Localstorage.Items['User']; >> if LocalStorage.Exists('Pw') then PasswordEdit.text := Localstorage.Items['Pw']; >> >> But nothing seems to be saved? >> >> Regards, >> Hüseyin > That all looks right to me. Note there is a .Clear('User') which should help for not storing. > > Have a look in the browser debug and you should see them. I think for passwords you should "munge" them a little to stop them being immediately visible to anyone digging. > |
Sat, May 6 2017 6:59 AM | Permanent Link |
Raul ![]() | <<
I am currently trying to implement a "remember me" function to keep username/password for the user. If i not wrong localstorage can be used for this purpose. >> I really suggest you do not store the password as this is a vulnerability waiting to be exploited. Depending on the usage either compute a hash you can store and or if it's used to authenticate against the backend then have your server give you a session ID that you can use to auto-authenticate and that that be easily expired or so as needed Raul |
Mon, May 8 2017 3:53 AM | Permanent Link |
Matthew Jones | Hüseyin Aliz wrote:
> Can you please give some examples how to "munge" the password? I have my methods, and given that this is "security by obscurity" and that is generally not actually "security", I'd rather not give away instant details. But if you just run through the password and add 1 to each letter, so password becomes qbttxpe then that is step one. If you see qbttxpe you don't immediately know the password. Add the offset to each character to make the ss not be the same letter. You have to watch that you aren't going to go out of the normal character ranges. You might also take steps to make all data a specific length, so that "123" is not "abc" but is "abckauiosy". Obviously you need to be able to undo that. Like I say, this is not designed to be secure - it cannot be as they have access to the code. It is designed to stop someone opening the debug facilities of the browser and just "seeing" the password. -- Matthew Jones |
Mon, May 8 2017 3:54 AM | Permanent Link |
Matthew Jones | Raul wrote:
> I really suggest you do not store the password as this is a vulnerability waiting to be exploited. It is a worthwhile consideration that you point out. Me, I have a checkbox that allows the user to choose. And a label to not do it on public computers. For some it is a great convenience to do this on their own computer. -- Matthew Jones |
Mon, May 8 2017 8:17 AM | Permanent Link |
Huseyin Aliz myBiss ApS | Raul/Matthew,
You are right about saving the password might not be a good idea, even though phone's can be more personal than pc's ![]() Regards, Hüseyin Den 08/05/2017 kl. 09.54 skrev Matthew Jones: > Raul wrote: > >> I really suggest you do not store the password as this is a vulnerability waiting to be exploited. > It is a worthwhile consideration that you point out. Me, I have a checkbox that allows the user to choose. And a label to not do it on public computers. For some it is a great convenience to do this on their own computer. > |
Page 1 of 2 | Next Page » | |
Jump to Page: 1 2 |
This web page was last updated on Tuesday, February 11, 2025 at 11:58 AM | Privacy Policy![]() © 2025 Elevate Software, Inc. All Rights Reserved Questions or comments ? ![]() |