CapeSoft.Com
Clarion Accessories
PassPaste
Documentation
 

CapeSoft PassPaste
Documentation

Download Latest Version FAQ History Templates Classes
Installed Version Latest Version

Introduction

Recent versions of Clarion have disabled the ability for a user to paste text into a Password field [1]. While this may be advantageous in some circumstances, it greatly weakens security in general by preventing the use of secure (ie long and random) passwords generated by password managers. PassPaste is a small template that allows users to paste text into password fields, using either Ctrl-V, or Right-Mouse-Button / Paste.

All the proceeds collected from this template go to charity (over and above our normal charitable contributions.) For a list of the charities we regularly support see our Social Responsibility page. If you cannot afford this product please contact us and we will arrange a free copy for you.

[1] This is likely not an overt action by SoftVelocity. It is likely to be a side effect of the way a native Windows entry field is being used.

Features


Why is Pasting Prevented?

Having a password in the clipboard is not ideal because the clipboard is available to any program on the computer, and is plain text. Thus if your computer is compromised with some kind of malware, then that program may be able to inspect the clipboard from time to time and extract passwords from there (This argument ignores the issue that malware can just as easily log keystrokes.)  Equally if, after using the clipboard, the password is left there then another user at your keyboard can retrieve it simply by pasting into say Notepad (if you leave your desk.)

Unfortunately the solution (preventing a Paste) does not fix the root problem. The user has already copied the password into the clipboard, so the damage (if there is any) has already been done. Indeed since the user flow has been interrupted it's possible they may now forget to clear the clipboard.

PassPaste works to resolve the problem by not only allowing the Paste, but then immediately clearing the clipboard. Since you are pasting into  password field the program is uniquely able to determine that the clipboard contains a password, and that this password is now no longer required.

Programs that prevent pasting are making an attempt to educate users, by not accepting the password they "teach" the user not to copy the password into the clipboard in the first place. This approach might work if it was universally adopted, but that is not the case [2]. Since the consensus is that very long, random passwords are the only protection against off-site brute-force attacks, the use of Password Managers is by far the best solution to that vulnerability. Given the choice between (ineffective) local clipboard protection and the risk of short passwords being brute-forced, the accepted security practice is to promote long, random, passwords and to allow Paste from the clipboard.

References


Troy Hunt - The "Cobra Effect" that is Disabling Paste on Password Fields.
Wired Magazine - Websites, Please Stop Blocking Password Managers. It’s 2015.
OWASP - Authentication Cheat Sheet.

[2] All modern browsers, including Chrome, Firefox, Safari, IE and Edge allow pasting into password fields.

JumpStart

  1. Add the PassPaste Global Extension to the application.
  2. On a window with a Password field add the PassPaste local extension to the window.
  3. Set the properties as you wish. See the Template Reference for a list of properties and what they do.

Multi DLL

If you have a multi-dll system (ie multiple apps) then you need to add this template to the DataDLL app.
In this app turn on both settings on the Multi-DLL tab.

Then add the Global extension to any other apps that contain password fields. In these apps only the first checkbox on the Multi-DLL tab should be on.

Then, in those apps, add the Local extension to any windows that contain a password field.

Template Reference

Global PassPaste Template

General Tab

Disable All PassPaste Features
Turning this on disables PassPaste in this app. No PassPaste code will be generated into any procedures.

Multi DLL Tab

This is part of a Multi-DLL program
If this app is part of a multi-app system, then tick this on. It should be on in all apps in the system where this extension is added. (Including EXE apps),
Export Class from this DLL
Tick this on only in the Data DLL. It should be off in the other DLL's and EXE's.

Local PassPaste Template

Local Options Tab

Allow Ctrl-V
Tick this on to allow pasting via the Ctrl-V key.
Allow Right-Mouse
Tick this on to allow pasting via the Right-Mouse-Button, and AppsKey on the keyboard.

Implementing in Handcode

Implementing PassPaste in hand-coded procedures is very straightforward.

Adding the PassPaste class to your project

  1. Add project defines PassPasteDLLMode=>0 and PassPasteLinkMode=>1 to your project.
  2. Add a global include;

    include ('PassPaste.Inc'),Once

Adding a PassPaste object to your Procedure

  1. Instantiate an object in the procedure;

    ThisPassPaste PassPaste
  2. Initialize the object after the window is opened;

    ThisPassPaste.Init()
  3. Add an event handler inside your ACCEPT loop

    ThisPassPaste.TakeEvent()

Class Reference

A single object is able to provide paste support for any number of controls on the window. The main methods are Init and TakeEvent. Assignment code must be embedded into the derived Paste method for the class to work. This is usually done for you by the template.

Properties

The class has no properties.

Methods

Methods

AlertKeys

AlertKeys (Long pField, Long pKeyboard, Long pMouse, Long pToggle)

Description

Called internally by the CHECKFIELDS method.
Alerts the Ctrl-V, and Right-mouse keys for the field.

Parameters

Parameter Description
pField The field number of the field to alert.
pKeyboard If true then support for the Ctrl-V key is on
pMouse If true then support for the Mouse Right Button is on
pToggle If true, then support for Ctrl-P key is on. This toggles the PASSWORD attribute on the field.
Return Value

None

Example

ThisPaste.AlertKeys(?password,true,true,true)

See Also

CheckFields

Methods

CheckFields

CheckFields (Long pKeyboard, Long pMouse, Long pToggle)

Description

Is called internally from the INIT method. Loops through all the fields on the window looking for ENTRY fields with the PASSWORD attribute on. for each of these calls the ALERTKEYS method.

Parameters

Parameter Description
pKeyboard If true then support for the Ctrl-V key is on
pMouse If true then support for the Mouse Right Button is on
pToggle If true, then support for Ctrl-P key is on. This toggles the PASSWORD attribute on the field.
Return Value

None

Example

ThisPaste.CheckFields(true,true)

See Also

Init, AlertKeys

Methods

Init

Init (Long pKeyboard = true, Long pMouse=true, Long pToggle=false)

Description

Is called after the window opens. This methods looks for all ENTRY controls on the window with the PASSWORD attribute and adds PassPaste support to those controls.

Parameters

Parameter Description
pKeyboard If true (the default) then support for the Ctrl-V key is on
pMouse If true (the default) then support for the Mouse Right Button is on
pToggle If true, then support for Ctrl-P key is on. This toggles the PASSWORD attribute on the field.
Return Value

None

Example

ThisPaste.Init()

See Also

TakeEvent

Methods

Paste

Paste (Long pField)

Description

Is called to paste the contents of the clipboard into the password entry control. The method is also responsible for clearing the clipboard.

Parameters

Parameter Description
pField The Field Equate Number of the field to paste into.
Return Value

None

Example

ThisPassPaste.Paste (?Password)

See Also

TakeEvent

Methods

TakeEvent

TakeEvent ()

Description

Is called inside the ACCEPT loop. Checks the Event(), Field(), and Keycode(), to see if the PASTE method should be called.

Return Value

True is the event is recognized, and handled. False otherwise.

Example

ThisPaste.TakeEvent()

See Also

Init, Paste

Methods

Toggle

Toggle (Long pField)

Description

Toggles the state of the field's PASSWORD attribute. ie If the attribute is off it turns it on, and vice versa.

Parameters

Parameter Description
pField The Field Equate Number of the field to toggle.
Return Value

None

Example

ThisPassPaste.Toggle(?Password)

See Also

TakeEvent

Methods

Trace

Trace (String pStr)

Description

A debugging method used to send text to Debugview. Lines in debugview, sent by this method, will be prefixed wit [pp].

Parameters

Parameter Description
pStr The string to send to DebugView
Return Value

None

Example

ThisPassPaste.Trace('Hello World')


Methods

Translate

Translate (String pText)

Description

Used to translate any English text used inside the class.
Currently used for the word "Paste" as used in the right-click popup menu.

Parameters

Parameter Description
pText The text to translate.
Return Value

The translated text.

Example

ThisPassPaste.Translate PROCEDURE (String pStr)
ReturnValue any
  Code
  ReturnValue = SomeTranslationFunction(pStr)
  Return ReturnValue


See Also

TakeEvent

Support

Your questions, comments and suggestions are welcome. See our web page (www.capesoft.com) for new versions. You can also contact us in one of the following ways:
CapeSoft Support
Email
Telephone +27 21 715 4000

Installation

To download the latest installation please visit the CapeSoft Downloads page.

To install extract the Installation Program from the SAF file using the free CapeSoft Safe Reader (download for free from https://www.capesoft.com/utilities/Safe/safereader.htm).

Run the Installation Program for your version of Clarion.

Distribution

There are no files to distribute.

License & Copyright

This template is copyright © 2021 by CapeSoft Software. None of the included files may be distributed. Your programs which use PassPaste can be distributed without any PassPaste royalties.

This product is provided as-is. Use it entirely at your own risk. Use of this product implies your acceptance of this, along with the recognition of the copyright stated above. In no way will CapeSoft Software, their employees or affiliates be liable in any way for any damages or business losses you may incur as a direct or indirect result of using this product

Version History

Version 1.10 (9 July 2021) Version 1.03 (24 May 2021) Version 1.02 (16 July 2020) Version 1.01 (18 Sept 2018)
Version 1.0 (14 April 2017)
Download latest version here