|
|
|
|
As explained in another tip in this TipBank, users can peek at the contents of password-protected TextBox controls with a simple Spy-like program, or even with a VB program plus some API functions. The problem is that such TextBox controls react to the WM_GETTEXT message and the GetWindowText API function as if they were regular TextBox controls. This holds True under Windows 95, 98 and NT. (Windows 2000 has fixed this security issue.)
If you want to make sure that no one can steal passwords from your VB programs, you only have to subclass the WM_GETTEXT message and discard the call. The following code snippet relies on the MsgHook.Dll (that you can download from the FileBank section of this site). |
 Click here to copy the following block |
Dim WithEvents TextHook As MsgHook
Private Sub Form_Load()
Set TextHook = New MsgHook
TextHook.StartSubclass Text1
End Sub
Private Sub TextHook_BeforeMessage(uMsg As Long, wParam As Long, lParam As Long, _
retValue As Long, Cancel As Boolean)
If uMsg = WM_GETTEXT Then Cancel = True
End Sub |
If you discard the WM_GETTEXT message, no application will be able to read the contents of your control.
It is remarkable that this subclassing code doesn't prevent the current application from reading the contents of the password-protected control. The reason is - evidently - that VB doesn't rely on API calls to read the Text property of a TextBox.
|
|
|
|
|
|
|
Submitted By :
Nayan Patel
(Member Since : 5/26/2004 12:23:06 PM)
|
 |
|
|
Job Description :
He is the moderator of this site and currently working as an independent consultant. He works with VB.net/ASP.net, SQL Server and other MS technologies. He is MCSD.net, MCDBA and MCSE. In his free time he likes to watch funny movies and doing oil painting. |
|
View all (893) submissions by this author
(Birth Date : 7/14/1981 ) |
|
|