This shows you the differences between two versions of the page.

field type - password [2016/09/14 14:19] (current)
Line 1: Line 1:
 +====== Password ======
 +The password field is used to store a User's Password. ​ This field can be used to create interfaces for customizing your Users' password entry interfaces. ​ When a password is entered by a User it is one-way encrypted, so the plain text of the password they entered can never be retrieved. ​ For example, if a user entered "​MyDogsNameIsFido"​ as their password, what is stored is likely closer to dkw9t8fdsaASFe434198fdsaasds8r.  ​
 +**Note:** Once they have updated their password using this field it needs to be copied to their User Records'​ Password Field so it can be used up when they log in.  The Password that's stored in the "​Password",​ e53, Field on the User Record is the password that will be used when they log in.
 +===== How to Create =====
 +  - Click the {{:​presentation-layer:​field-plus.png|}} to add a field in your [[Form|form]].
 +  - Choose "New Field"
 +  - Select the table you wish to add the field to. Most of the time, this will be the current [[Table|table]] you are on, called the current [[Context|context]].
 +  - Select a field name and click "​Choose Type".
 +  - Choose "​Password"​ from the list of field types.
 +  - You can continue adding fields or click the "​Select"​ button to finish adding.
 +===== Features =====
 +Field features can be edited by clicking on the orange field icon {{:​shorttext.png|}} when the [[Presentation Layer|presentation layer]] is displayed. ​
 +==== Field Label ====
 +  * [[Field Setting - Field Label|Field Label]]
 +  * [[Field Setting - Display Alternate Label]] (affects this form only)
 +==== Grid Appearance ====
 +  * [[Field Setting - Column Span|Column Span]]
 +  * [[Field Setting - Row Span|Row Span]]
 +==== Sizing ====
 +  * [[Field Setting - Sizing|Length]]
 +  ​
 +==== Tooltip ====
 +  * [[Field Setting - Tooltip|Tooltip]]
 +  * [[Field Setting - Descriptive Text|Descriptive Text]]
 +  * [[Field Setting - Display Alternate Descriptive Text|Display Alternate Descriptive Text]] (affects this form only)
 +==== Block Association ====
 +  * [[Field Setting - Temporary Block Association|Temporary Block Association]]
 +  * [[Field Setting - Global Block Association|Global Block Association]]
 +==== Validation ====
 +   * [[Field Setting - Required|Required]]
 +   * [[Field Setting - Minimum Length|Minimum Length]]
 +   * [[Field Setting - Minimum Uppercase Letters]]
 +   * [[Field Setting - Minimum Lowercase Letters]]
 +   * [[Field Setting - Minimum Digits]]
 +   * [[Field Setting - Minimum Special Characters]]
 +==== View Only ====
 +  * [[Field Setting - View Only|View Only]]
 +===== Acceptable inputs =====
 +The password field'​s acceptable inputs can be modified by the settings under Validation, allowing for customized password strengths.
 +===== Filters =====
 +The password field can not be filtered, since the password they entered is one way encrypted and can't be retrieved.
 +===== Password Security =====
 +Password security is an important issue for any application that stores passwords. ​ WorkXpress is committed to making sure that software developers have the proper tools to build secure password systems. ​ Part of that commitment means that we store passwords using enterprise level security. ​ When a password is stored in WorkXpress the value is hashed so that password provided can not be directly derived from the stored values. ​ For the end user this means that they can be given their password, in the case that they forget it, and they can only change it.  Their password cannot be retrieved by anyone, not even WorkXpress staff.  ​
 +When a password is stored in WorkXpress we use a cryptographically-strong random string as a salt to guarantee that each hash is unique. ​ This means that if two users use the same password or if a user "​changes"​ their password to the same password they had the value stored in the database is different. ​ This is important because if a list of passwords from a WorkXpress application does get compromised then each individual password must be cracked by the attacker, limiting the amount of data that they can compromise. The hashing method used by WorkXpress is called PBKDF2 using the SHA256 hash.  This means that it takes approximately 1 second to verify a value entered against a stored password. ​ The one second time is slow enough to make a brute force attack against a password unfeasible without compromising end user usability.
 +For more information regarding password security please checkout this [[https://​www.owasp.org/​index.php/​Password_Storage_Cheat_Sheet|article]] provided by OWASP.
 +===== Value Comparison =====
 +Because the Password storage mechanism creates a unique hash of the password, comparing two stored values that come from the database will not work.  It is possible to compare the value entered in the interface to a value stored in the database, or the value from the interface to another value from the interface because the values from the interface have not yet been hashed. ​ This allows the software developer to generate validations that compare the password entered on the screen to a second password field on the screen to implement a Password and Confirm Password system. ​ It is also possible to check the value on the screen to a value stored in the database so that the application developer can recreate password authentication outside of the login screen if an operation would require the user to re-enter a password or allow the software developer to make sure the password that the user is changing is different from the current one.
 +Below is an example of two comparison operations. ​ The first compares the interface values from the "Login Information"​ Form of the Application and Confirm Application Password Fields and the second compares the interface value of the Application Password Field to the value stored in the database for the User's Password field.
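Review bot: In the Password Security section, the sentence "For the end user this means that they can be given their password, in the case that they forget it, and they can only change it" contradicts both the next sentence ("Their password cannot be retrieved by anyone") and the hashing description around it; it should read "cannot be given their password". In the same section, "This means that it takes approximately 1 second to verify" is presented as a consequence of choosing PBKDF2 with SHA256, but verification time is set by the iteration count, which the page never states; give the iteration count or reword so the one-second figure is described as a configured work factor. The opening paragraph and the Filters section say "one-way encrypted" while this section says "hashed"; use "hashed" throughout so readers do not infer that a decryption key exists. Two smaller points: "so it can be used up when they log in" in the Note has a stray "up", and the final line promises "an example of two comparison operations" but nothing follows it in this revision.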
field type - password.txt · Last modified: 2016/09/14 14:19 (external edit)
Copyright WorkXpress, 2020