Monday, April 21, 2008

Making your password TextBox more secure

If you use a Windows Forms TextBox to let your users enter a password, you should know it's not very secure: external applications can get the password from the TextBox by sending it the WM_GETTEXT message. There are even applications written specifically to do this. If you want to prevent this, you can use the following control that is derived from System.Windows.Forms.TextBox and that prevents external applications from getting the password via WM_GETTEXT. Just use it instead of the regular TextBox for password fields.

using System;
using System.ComponentModel;
using System.Drawing;
using System.Windows.Forms;

namespace TC.WinForms
{
    /// <summary>Represents a text box control for entering passwords.</summary>
    [ToolboxItem(true), ToolboxBitmap(typeof(TextBox))]
    public class PasswordTextBox : TextBox
    {
        /// <summary>Initializes a new instance of the <see cref="T:PasswordTextBox" /> class.</summary>
        public PasswordTextBox()
        {
            base.UseSystemPasswordChar = true;
        }

        bool fAccessText;
        /// <summary>Gets or sets the current text in the <see cref="T:TextBox"/>.</summary>
        /// <returns>The text displayed in the control.</returns>
        public override string Text
        {
            get
            {
                fAccessText = true;
                try { return base.Text; }
                finally { fAccessText = false; }
            }
            set
            {
                fAccessText = true;
                try { base.Text = value; }
                finally { fAccessText = false; }
            }
        }

        /// <summary>Gets the length of text in the control.</summary>
        /// <returns>The number of characters contained in the text of the control.</returns>
        public override int TextLength
        {
            get
            {
                fAccessText = true;
                try { return base.TextLength; }
                finally { fAccessText = false; }
            }
        }

        /// <summary>Processes Windows message.</summary>
        /// <param name="m">The Windows <see cref="T:Message" /> to process.</param>
        protected override void WndProc(ref Message m)
        {
            switch (m.Msg)
            {
                case WM_GETTEXT:
                case WM_GETTEXTLENGTH:
                    if (!fAccessText)
                    {
                        m.Result = IntPtr.Zero;
                        return;
                    }
                    else break;
                case EM_SETPASSWORDCHAR: return;
            }

            base.WndProc(ref m);
        }

        const int WM_GETTEXT = 0x000D, WM_GETTEXTLENGTH = 0x000E, EM_SETPASSWORDCHAR = 0x00CC;
    }
}

EDIT: I added code to also ignore EM_SETPASSWORDCHAR which can also be used to make the password visible.
EDIT 2 (2008-04-22): I fixed the documentation tags in the code.
EDIT 3 (2008-04-22): I fixed some bugs that denied access to the password from within your program.
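
The following self-test is an added example, not part of the original post: it checks the three behaviours described above by sending the messages in-process to the program's own controls. The class name PasswordTextBoxSelfTest, the Check helper and the sample value are assumptions made for this example; it expects the PasswordTextBox class above to be compiled into the same project.

```csharp
// Added example (not from the original post): in-process self-test for PasswordTextBox.
using System;
using System.Runtime.InteropServices;
using System.Text;
using System.Windows.Forms;
using TC.WinForms;
static class PasswordTextBoxSelfTest
{
    const int WM_GETTEXT = 0x000D, WM_GETTEXTLENGTH = 0x000E;
    const int EM_SETPASSWORDCHAR = 0x00CC, EM_GETPASSWORDCHAR = 0x00D2;

    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    static extern IntPtr SendMessage(IntPtr hWnd, int msg, IntPtr wParam, StringBuilder lParam);
    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    static extern IntPtr SendMessage(IntPtr hWnd, int msg, IntPtr wParam, IntPtr lParam);

    // Reads the control's text through the raw window message instead of the Text property.
    static string ReadViaMessage(Control c)
    {
        var buffer = new StringBuilder(256);
        SendMessage(c.Handle, WM_GETTEXT, (IntPtr)buffer.Capacity, buffer);
        return buffer.ToString();
    }

    static bool Check(string name, bool ok)
    {
        Console.WriteLine("{0}: {1}", ok ? "PASS" : "FAIL", name);
        return ok;
    }

    [STAThread]
    static int Main()
    {
        const string secret = "constructed-sample-value"; // constructed test input
        using (var plain = new TextBox { UseSystemPasswordChar = true, Text = secret })
        using (var hardened = new PasswordTextBox { Text = secret })
        {
            bool ok = Check("baseline TextBox answers WM_GETTEXT", ReadViaMessage(plain) == secret);
            ok &= Check("PasswordTextBox returns nothing for WM_GETTEXT", ReadViaMessage(hardened).Length == 0);
            ok &= Check("PasswordTextBox reports length 0 for WM_GETTEXTLENGTH",
                SendMessage(hardened.Handle, WM_GETTEXTLENGTH, IntPtr.Zero, IntPtr.Zero) == IntPtr.Zero);
            ok &= Check("Text property still works inside the program", hardened.Text == secret);
            SendMessage(hardened.Handle, EM_SETPASSWORDCHAR, IntPtr.Zero, IntPtr.Zero);
            ok &= Check("mask survives EM_SETPASSWORDCHAR(0)",
                SendMessage(hardened.Handle, EM_GETPASSWORDCHAR, IntPtr.Zero, IntPtr.Zero) != IntPtr.Zero);
            return ok ? 0 : 1;
        }
    }
}
```

The process exit code is 0 only when every check passes, so the test can run as a build step whenever the control's WndProc is changed.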

Tuesday, April 01, 2008

Silverlight Rehab

I previously linked to a video made by some Microsoft employees. Now they created another funny one, this time about Silverlight addicts.


Saturday, March 29, 2008

Opera Widget tip: zooming in

I just discovered something cool: you can make your Opera Widgets larger by zooming in. I just opened my favorite widget (touchTheSky: a weather forecast widget), and the text was a bit small. Usually, when I'm using Opera and I'm reading a web site with a small font, I press Ctrl and use the mouse wheel to zoom in. I just noticed that I unconsciously did the same with the touchTheSky widget and to my surprise it worked. Cool feature.


Wednesday, February 13, 2008

Life at Microsoft

The guys over at Channel 10 made an awesome video to show what life at Microsoft is really like. Very funny. Go watch it.


Thursday, February 07, 2008

Video: 12 years of Opera

Daniel Goldman has posted a cool little video of Opera's 12-year history. In just 2 minutes it shows the long road Opera has walked, the many versions of its desktop browser, mobile browser, mini browser and browser for devices.

Friday, February 01, 2008

PowerShell + Speech API

I just read a blog post about using the Speech API in command-line scripts on Marcelo's Weblog. So I had to try it but instead of using JScript, I wrote it in PowerShell. It's so easy and fun:
$v = New-Object -ComObject SAPI.SpVoice
$v.Speak("Who let the dogs out?")

Sunday, January 27, 2008

Garden Gnome Carnage

I just watched a video about a game called Garden Gnome Carnage. I haven't downloaded it yet, but it looks crazy: the video that explains how to play GGC is pretty weird. Don't worry if you experience some WTF-moments while watching it.