Hide Password Characters

[Corey-Troy]

I thought i remember seeing an option to mask font characters in a field, like when a password is placed into a field, and only dots or Astrix's are displayed instead, while the field still retains the actual characters.

How do i do this, if i remembered correctly?

[LaRetta]

If keeping a password secret is important enough to mask it, it is important enough not to use it. Show Custom Dialog[] script step will allow masking characters and you can even find a font which masks. However, any technique will depend upon the User entering the password into a field as data (even if it can't be seen, even a global field which will lose its value upon file close, and even if you clear the value at end of script). This is very unsafe practice because data can be stolen no matter how well you attempt to protect it.

I suppose there might be times that you want a User to type something and store the real data within the table (but hide it from a person looking over their shoulder) but that's about the only instance it might be worthwhile. Can you explain why you are attempting to mask the data entry? It might help us come up with safe options for you. :smile2:

[Corey-Troy]

I am setting up a script that will use the SMTP emailer built in to filemaker to email a layout.

I will then use a calculation to draw in the required email address, including u/n + p/w from a related table of data.

I wanted to not display the p/w in the table for all to see, but still need the data there for the script to email.

[bruceR]

Still not clear why you don't just use a custom dialog for this, since it has password masking built in.

[Vaughan]

I am setting up a script that will use the SMTP emailer built in to filemaker to email a layout.

I will then use a calculation to draw in the required email address, including u/n + p/w from a related table of data.

Are you sure this is necessary? I've never seen an SMTP server set up to require authentication to send mail. On the other hand, POP servers are *always* set up to require authentication to check mail.

If it were me I'd store the password in a global field or global variable, and not keep it persistently in a field at all (this is reducing support and maintenance as well as improving security).

At the beginning of the session the global will be empty. The first time the user sends mail they will be prompted for the password using the custom dialog, after which it gets stored in the global.

I'd say the global variable would be more secure than a global field but neither is really secure anyway. The most secure method is to prompt for the password each time it's needed.

[Corey-Troy]

Maybe i should re-think, and simply use the email client account instead.

It might be a little easier for me.

[Vaughan]

It depends on what you want to achieve... If you need to track what was sent and allow that to be seen by multiple users, then send the mail from FMP. That way you can save exactly what was sent in a record. If the mail is passed to the user's mail program then there is no way to track exactly what was sent (the message can be edited in the client) and the sent messages live on each user's computer so they aren't accessible by all users.

None of this is particularly hard to implement, but it's a bit of work.

I've had to implement something like this a couple of times because the company uses Lotus Notes which is not MAPI compliant, so it doesn't play with FMP's Send Mail command.