how to allow users to login using passwords with #

> On 11/3/09 at 7:24 PM, tami@... (Tami Williams) pronounced:
>
>> action_statement = /fmi/xml/FMPXMLRESULT.xml?-db=Mbr&-
>> lay=lassoWeb&-lop=and&id.op=eq&id=-10&usn.op=eq&
>> usn=xxx&password.op=eq&password=Admin123%23&-max=all&-skip=0&-find
>
> This is looking for the following parameters:
>
> id beginswith -10
> usn beginswith xxx
> password beginswith Admin123#
>
> Why the id?
>
>> HOW do I allow users to use # (and any other symbol) in their  
>> passwords?
>
> It should work as is.  I think it's the extra param that is borking  
> it.
>
> I would also change either the search operator to -rx or add an  
> extra = to the start of the parameter value, else you will get a  
> lot of people logging in who should not (thanks to FM's default  
> search behavior):
>
> user: a
> pass: a
> => you lucky dog!
>
> --steve
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Steve Piercy               Web Site Builder               Soquel, CA
> <web@...>                  <http://www.StevePiercy.com/>
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>

> Can you use encode_url on your form parameter so it's encoded  
> already in the inline?
>
> That way the only place that it's ever unencoded is when the user  
> enters it, which it should be in the form.
>
> [encode_url('Admin123#')] would give you Admin123%23
>
> Also since passwords should use a 1 way hash, you might be able to  
> sidestep the issue entirely since you should be encrypting the  
> password with SHA1 or similar instead of storing it in plain text  
> in Filemaker.
>
> Since this:
>  [Encrypt_HMAC: 'Admin123#', '22sometoken', -Digest='sha1', -Base64]
>
> is equivalent to this:
> [encode_url((Encrypt_HMAC: 'Admin123#', '22sometoken', -
> Digest='sha1', -Base64))]
>
> You can send the password that way without FM wreaking too much  
> havoc on it.
>
> On Nov 3, 2009, at 5:24 PM, Tami Williams wrote:
>
>> Admin123#
>
> Brian Loomis
> http://www.virtualrelations.us
> (208) 639-2569 - 208 NEW BLOX
> -- email checked daily --
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>

> If I encode url I get Admin123%23 - that's the problem b/c that's  
> not what's stored in FileMaker.
>
> Any way to stop Lasso from encoding the #?
>
> If I use password = Admin123$ instead of Admin123# it works so I'm  
> pretty sure its encoding the #.
>
> I want something that works regardless of what symbol the user puts  
> in their password - and not to have to worry about Lasso encoding  
> the password so it doesn't match the value stored in Filemaker.
>
> Thanks in advance.
>
>
> P.S. I'd like to get this to work as is before encrypting the  
> passwords.  Thanks.
>
>
> On Nov 3, 2009, at 7:24 PM, Brian Loomis wrote:
>
>> Can you use encode_url on your form parameter so it's encoded  
>> already in the inline?
>>
>> That way the only place that it's ever unencoded is when the user  
>> enters it, which it should be in the form.
>>
>> [encode_url('Admin123#')] would give you Admin123%23
>>
>> Also since passwords should use a 1 way hash, you might be able to  
>> sidestep the issue entirely since you should be encrypting the  
>> password with SHA1 or similar instead of storing it in plain text  
>> in Filemaker.
>>
>> Since this:
>> [Encrypt_HMAC: 'Admin123#', '22sometoken', -Digest='sha1', -Base64]
>>
>> is equivalent to this:
>> [encode_url((Encrypt_HMAC: 'Admin123#', '22sometoken', -
>> Digest='sha1', -Base64))]
>>
>> You can send the password that way without FM wreaking too much  
>> havoc on it.
>>
>> On Nov 3, 2009, at 5:24 PM, Tami Williams wrote:
>>
>>> Admin123#
>>
>> Brian Loomis
>> http://www.virtualrelations.us
>> (208) 639-2569 - 208 NEW BLOX
>> -- email checked daily --
>>
>>
>> --
>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>>
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>

>If I encode url I get Admin123%23 - that's the problem b/c
>that's not what's stored in FileMaker.
>
>Any way to stop Lasso from encoding the #?
>
>If I use password = Admin123$ instead of Admin123# it works so
>I'm pretty sure its encoding the #.
>
>I want something that works regardless of what symbol the user
>puts in their password - and not to have to worry about Lasso
>encoding the password so it doesn't match the value stored in Filemaker.
>
>Thanks in advance.
>
>
>P.S. I'd like to get this to work as is before encrypting the passwords.  Thanks.
>
>
>On Nov 3, 2009, at 7:24 PM, Brian Loomis wrote:
>
>>Can you use encode_url on your form parameter so it's encoded
>>already in the inline?
>>
>>That way the only place that it's ever unencoded is when the
>>user enters it, which it should be in the form.
>>
>>[encode_url('Admin123#')] would give you Admin123%23
>>
>>Also since passwords should use a 1 way hash, you might be
>>able to sidestep the issue entirely since you should be
>>encrypting the password with SHA1 or similar instead of
>>storing it in plain text in Filemaker.
>>
>>Since this:
>>[Encrypt_HMAC: 'Admin123#', '22sometoken', -Digest='sha1', -Base64]
>>
>>is equivalent to this:
>>[encode_url((Encrypt_HMAC: 'Admin123#', '22sometoken',
>>-Digest='sha1', -Base64))]
>>
>>You can send the password that way without FM wreaking too
>>much havoc on it.
>>
>>On Nov 3, 2009, at 5:24 PM, Tami Williams wrote:
>>
>>>Admin123#
>>
>>Brian Loomis
>>http://www.virtualrelations.us
>>(208) 639-2569 - 208 NEW BLOX
>>-- email checked daily --
>>
>>
>>--
>>This list is a free service of LassoSoft: http://www.LassoSoft.com/
>>Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>>Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>>
>
>
>--
>This list is a free service of LassoSoft: http://www.LassoSoft.com/
>Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>Manage your subscription: http://www.ListSearch.com/Lasso/
>
>

> I've tried all the suggestions - none have worked.
>
> Here'e the closest I've gotten.
>
> Test password is Admin!@#1.
>
>
> I can use
>
> 'password'= (encode_stricturl:$password),
>
> to store this value in the FileMaker field:  Admin!%40%231
>
>
> Then I use this to do the search to find that record:
>
> - user types in Admin!@#1, inline looks like
>
> -Op='EQ',
> 'password'=$password,
>
>
>
> The action_statement looks like this
>
> password=Admin!%40%231
> which is CORRECT  - it matches the values actually stored in the  
> FileMaker field
>
>
> HOWEVER, since the ! has meaning in FileMaker, no records are found  
> (even if I go to the FileMaker database manually and search for  
> Admin!%40%23, no records are found).  FileMaker needs the search  
> criteria to be surrounded by quotes like this:
>
> "Admin!%40%231"
>
> BUT there doesn't seem to be any way to pass that in my inline  
> because of the FMS connector's XML encodes the ".
>
> Any other ideas?
>
> Thanks in advance.
>
> (I may end up using the 360Works ScriptMaster plug-in to handle this  
> b/c I want to store the cleartext but shouldn't there be a Lasso  
> solution other than only storing and searching for the encrypted  
> value?)
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "It's better to burn out than to fade away."
>
> Tami Williams
> Creative Computing
> Let us help you make frustrating, costly, and inefficient processes  
> more efficient, less costly and scalable.
> FileMaker and Lasso specialists.
>
> Tel: 770.457.3221
> Fax: 770.454.7419
> E-Mail: info@...
> Web: http://www.asktami.com/
>
> FileMaker Solutions Alliance Associate | Lasso Professional Alliance  
> Member
>
> ------
>
> If you want to receive sporadic email from Creative Computing  
> regarding news at the company and announcements about upcoming Lasso  
> webinars and online classes, please opt-in at http://tinyurl.com/yj7eqlg
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>

> Hi Tami,
>
> I am sorry, I haven't been following this thread closely.  What are  
> the
> field settings in filemaker?
>
> Picking up on what Steve said, the # will have to be encoded to  
> XML, but
> FM should see this as # when it decodes the XML, otherwise all special
> characters would be an issue.  As I recall there is a setting in FM to
> modify how the data is stored in the field in FM... Just a shot in the
> dark from down-under.
>
> Very best regards,
>
> Rick
>
>
> -----Original Message-----
> From: Lasso Talk [mailto:lasso@...] On Behalf Of Tami
> Williams
> Sent: Thursday, 5 November 2009 6:28 AM
> To: Lasso Talk
> Subject: Re: how to allow users to login using passwords with #
>
> I've tried all the suggestions - none have worked.
>
> Here'e the closest I've gotten.
>
> Test password is Admin!@#1.
>
>
> I can use
>
> 'password'= (encode_stricturl:$password),
>
> to store this value in the FileMaker field:  Admin!%40%231
>
>
> Then I use this to do the search to find that record:
>
> - user types in Admin!@#1, inline looks like
>
> -Op='EQ',
> 'password'=$password,
>
>
>
> The action_statement looks like this
>
> password=Admin!%40%231
> which is CORRECT  - it matches the values actually stored in the
> FileMaker field
>
>
> HOWEVER, since the ! has meaning in FileMaker, no records are found
> (even if I go to the FileMaker database manually and search for Admin!
> %40%23, no records are found).  FileMaker needs the search criteria to
> be surrounded by quotes like this:
>
> "Admin!%40%231"
>
> BUT there doesn't seem to be any way to pass that in my inline because
> of the FMS connector's XML encodes the ".
>
> Any other ideas?
>
> Thanks in advance.
>
> (I may end up using the 360Works ScriptMaster plug-in to handle  
> this b/c
> I want to store the cleartext but shouldn't there be a Lasso solution
> other than only storing and searching for the encrypted value?)
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "It's better to burn out than to fade away."
>
> Tami Williams
> Creative Computing
> Let us help you make frustrating, costly, and inefficient processes  
> more
> efficient, less costly and scalable.
> FileMaker and Lasso specialists.
>
> Tel: 770.457.3221
> Fax: 770.454.7419
> E-Mail: info@...
> Web: http://www.asktami.com/
>
> FileMaker Solutions Alliance Associate | Lasso Professional Alliance
> Member
>
> ------
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>

> Yep - the field storage is Unicode in Filemaker but the problem is  
> the ! - because it means something in Filemaker the entire search  
> criteria needs to be inside " - using Unicode (or any other field  
> storage) doesn't change that.
>
> See details below.
>
> On Nov 4, 2009, at 3:42 PM, Rick Draper wrote:
>
>> Hi Tami,
>>
>> I am sorry, I haven't been following this thread closely.  What are  
>> the
>> field settings in filemaker?
>>
>> Picking up on what Steve said, the # will have to be encoded to  
>> XML, but
>> FM should see this as # when it decodes the XML, otherwise all  
>> special
>> characters would be an issue.  As I recall there is a setting in FM  
>> to
>> modify how the data is stored in the field in FM... Just a shot in  
>> the
>> dark from down-under.
>>
>> Very best regards,
>>
>> Rick
>>
>>
>> -----Original Message-----
>> From: Lasso Talk [mailto:lasso@...] On Behalf Of Tami
>> Williams
>> Sent: Thursday, 5 November 2009 6:28 AM
>> To: Lasso Talk
>> Subject: Re: how to allow users to login using passwords with #
>>
>> I've tried all the suggestions - none have worked.
>>
>> Here'e the closest I've gotten.
>>
>> Test password is Admin!@#1.
>>
>>
>> I can use
>>
>> 'password'= (encode_stricturl:$password),
>>
>> to store this value in the FileMaker field:  Admin!%40%231
>>
>>
>> Then I use this to do the search to find that record:
>>
>> - user types in Admin!@#1, inline looks like
>>
>> -Op='EQ',
>> 'password'=$password,
>>
>>
>>
>> The action_statement looks like this
>>
>> password=Admin!%40%231
>> which is CORRECT  - it matches the values actually stored in the
>> FileMaker field
>>
>>
>> HOWEVER, since the ! has meaning in FileMaker, no records are found
>> (even if I go to the FileMaker database manually and search for  
>> Admin!
>> %40%23, no records are found).  FileMaker needs the search criteria  
>> to
>> be surrounded by quotes like this:
>>
>> "Admin!%40%231"
>>
>> BUT there doesn't seem to be any way to pass that in my inline  
>> because
>> of the FMS connector's XML encodes the ".
>>
>> Any other ideas?
>>
>> Thanks in advance.
>>
>> (I may end up using the 360Works ScriptMaster plug-in to handle  
>> this b/c
>> I want to store the cleartext but shouldn't there be a Lasso solution
>> other than only storing and searching for the encrypted value?)
>>
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> "It's better to burn out than to fade away."
>>
>> Tami Williams
>> Creative Computing
>> Let us help you make frustrating, costly, and inefficient processes  
>> more
>> efficient, less costly and scalable.
>> FileMaker and Lasso specialists.
>>
>> Tel: 770.457.3221
>> Fax: 770.454.7419
>> E-Mail: info@...
>> Web: http://www.asktami.com/
>>
>> FileMaker Solutions Alliance Associate | Lasso Professional Alliance
>> Member
>>
>> ------
>>
>> --
>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>>
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>
>

> Tami,
> Instead of encode_stricturl, I would use (and do use for MySQL),  
> encode_hex.  This should encode every character in it's hexadecimal  
> notation, so you won't get anything that's not 0-9 or A-F.
>
> -Brad
>
>
> On Nov 4, 2009, at 4:01 PM, Tami Williams wrote:
>
>> Yep - the field storage is Unicode in Filemaker but the problem is  
>> the ! - because it means something in Filemaker the entire search  
>> criteria needs to be inside " - using Unicode (or any other field  
>> storage) doesn't change that.
>>
>> See details below.
>>
>> On Nov 4, 2009, at 3:42 PM, Rick Draper wrote:
>>
>>> Hi Tami,
>>>
>>> I am sorry, I haven't been following this thread closely.  What  
>>> are the
>>> field settings in filemaker?
>>>
>>> Picking up on what Steve said, the # will have to be encoded to  
>>> XML, but
>>> FM should see this as # when it decodes the XML, otherwise all  
>>> special
>>> characters would be an issue.  As I recall there is a setting in  
>>> FM to
>>> modify how the data is stored in the field in FM... Just a shot  
>>> in the
>>> dark from down-under.
>>>
>>> Very best regards,
>>>
>>> Rick
>>>
>>>
>>> -----Original Message-----
>>> From: Lasso Talk [mailto:lasso@...] On Behalf Of  
>>> Tami
>>> Williams
>>> Sent: Thursday, 5 November 2009 6:28 AM
>>> To: Lasso Talk
>>> Subject: Re: how to allow users to login using passwords with #
>>>
>>> I've tried all the suggestions - none have worked.
>>>
>>> Here'e the closest I've gotten.
>>>
>>> Test password is Admin!@#1.
>>>
>>>
>>> I can use
>>>
>>> 'password'= (encode_stricturl:$password),
>>>
>>> to store this value in the FileMaker field:  Admin!%40%231
>>>
>>>
>>> Then I use this to do the search to find that record:
>>>
>>> - user types in Admin!@#1, inline looks like
>>>
>>> -Op='EQ',
>>> 'password'=$password,
>>>
>>>
>>>
>>> The action_statement looks like this
>>>
>>> password=Admin!%40%231
>>> which is CORRECT  - it matches the values actually stored in the
>>> FileMaker field
>>>
>>>
>>> HOWEVER, since the ! has meaning in FileMaker, no records are found
>>> (even if I go to the FileMaker database manually and search for  
>>> Admin!
>>> %40%23, no records are found).  FileMaker needs the search  
>>> criteria to
>>> be surrounded by quotes like this:
>>>
>>> "Admin!%40%231"
>>>
>>> BUT there doesn't seem to be any way to pass that in my inline  
>>> because
>>> of the FMS connector's XML encodes the ".
>>>
>>> Any other ideas?
>>>
>>> Thanks in advance.
>>>
>>> (I may end up using the 360Works ScriptMaster plug-in to handle  
>>> this b/c
>>> I want to store the cleartext but shouldn't there be a Lasso  
>>> solution
>>> other than only storing and searching for the encrypted value?)
>>>
>>>
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> "It's better to burn out than to fade away."
>>>
>>> Tami Williams
>>> Creative Computing
>>> Let us help you make frustrating, costly, and inefficient  
>>> processes more
>>> efficient, less costly and scalable.
>>> FileMaker and Lasso specialists.
>>>
>>> Tel: 770.457.3221
>>> Fax: 770.454.7419
>>> E-Mail: info@...
>>> Web: http://www.asktami.com/
>>>
>>> FileMaker Solutions Alliance Associate | Lasso Professional Alliance
>>> Member
>>>
>>> ------
>>>
>>> --
>>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>>
>>>
>>
>>
>> --
>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>>
>>
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>