Creating a WebSDK WebTextField

Hi

I wonder has any created a WebTextField in a WebSDK object?

I am trying to create a password field which doesn’t automatically invoke the keychain (etc) username/password popups and I’m having trouble even getting a standard field added.

Thanks for any help

Chris

can you post your project ? that way we could help you out.

Inside Examples > Platforms > Web > WebSDK there are two examples that can help. “CustomButton” and “Custom_Select_Control”.

Try to start from there and ask any question you find in the way.

2 Likes

That’s very kind of you Jean-Yves, thanks! I’ll see how I get on for now (to help to teach myself) and if and when I’m stuck, I might take you up on your offer! Thanks again. Chris

1 Like

Thanks Ricardo! And thanks for all of your example code and support. I tried the button and select control examples, but couldn’t make the “leap” to the TextField. I’ve now found the example you used with your Webinar on updating from a TextArea and I’m using this as a base. Thanks again!

1 Like

as explained in your other post about this, I don’t think you can achieve this as this is the user’s web browser that decide to save the password or not. your only way is to make a virtual keyboard to input the password, and certainly not a webtextfield, even with the websdk it will lead to the same result as xojo’s

I saw one option to use a ‘password’ font that will display only circles/dots instead of letters, numbers, or symbols.

The TextField will not be set as Password so the browser will not give the option to use keychain.

I don’t know if this is something you want to explore.

2 Likes

if this works, you don’t need to use the websdk either

1 Like
1 Like

Ah, okay. I misunderstood what you were saying, sorry. I expect you’re correct as I’m am having some difficulty intercepting the text before it gets to the UI.Thanks

Thanks Alberto. I think I remember doing something like that a zillion years ago before the password textfield was an option in Xojo (well actually realbasic), It worked quite well, except you could copy and paste the password to another document and change the font, which would be a small bit of a security risk, no more, I expect, than the mobile apps showing the last letter typed.

Fair play Jean-Yves! It might be a good fall-back plan. Thanks for sourcing this and Alberto for suggesting!

Hi Jean-Yves and Alberto. Just to let you know, this does work a treat! As I expected, you can copy and paste the password, so it may not be ideal for some, but definitely a good workaround. Thanks again and I think I’ll use this method for now and get on with the project.

Chris

1 Like

So there is one huge problem with using the password font. Password fields are designed to be secure. That is, they can’t be changed to a plain text field to reveal their contents and are not copyable. Another problem is that non-password fields can be stored in the browser’s built-in autocomplete database, so if your app is ever used on a public computer (like a library or a cafe) the user’s password could get stored and used by the next person without their knowledge.

4 Likes

Hi Greg. Thanks. I was aware of the first problem and willing to live with it (clear the password after 15 seconds of inactivity, or so), but forgot completely about auto-fill forms outside the keychain, so thanks very much for pointing this out… It looks like I might have to put in Jean-Yves’s soft keyboard after all… Not ideal for people who might need to log in several times a day

are you on macos or windows ?
if on macos, if it is a user computer, he can log with his fingerprint on a recent mac
if it is a shared mac computer, you can use the guest account and the password field will not have any keychain.

So just to be clear, when I go to a website and my password managers don’t work I immediately have concerns:

  1. That my password manager doesn’t work, because I have thousands of them and having to do five extra steps just pisses me off.
  2. I usually look at what’s been done and when I find out that some special hack has been done, I wonder what other hacks have been done which compromise security.

And let’s be clear, you are compromising the security of the browser and the users password here. The whole purpose of the password field is so that the password can’t be stolen by looking over your shoulder or by some browser extension just copying it out… which is what will be able to happen if you use a text field.

I don’t see that it was asked above so why the heck are you trying to do this anyway? It seems like a lot of work for a problem that was solved a long time ago.

2 Likes

Thanks Greg. My problem is I have two password fields, one is a company password and the other is a personal password, but keychain ends up being confused with this. I am trying to create a field that is ignored by keychain but will still hide the text.

The majority will be window users

Just out of curiosity, what names have you given these fields? If it’s Password1 and Password2, I suggest something more complex so they may be able to tell them apart.