I have a Delphi (5) application that uses a log-in screen (standard user name/password) and have just found out recently that password storage applications can identify the log-in fields in the screen, even if they are obfuscated, and offer to save the information for the user. Due to the high-security nature of our program, we don’t want to allow that. So far, I have not been able to find any information on how to block these applications from detecting the fields or telling them not to try. Is either of these options possible? If not, is there another option available?
Here are a few thoughts – do you know how the form-filler is working?
1) Can you dynamically create the username/password box at runtime? With a semi-random component name? It’s not hard to make a couple of components in your login form’s create.
2) Can you replace the standard edit controls with a keypress state machine, effectively ‘faking’ the inputs using (for instance) TLabels?
3) Block cut/copy/paste from the edit controls?
4) Override the default message handler for your form, and swallow any keypress event that hasn’t ‘come’ from your app?
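
Suggestions 1 and 3 from the answer above, sketched as an added Delphi example that is not part of the original post. The unit name `LoginEdits`, the class `TNoClipboardEdit`, the helper `CreateLoginEdit` and the 160-pixel width are hypothetical, and whether this stops a given password manager depends on how that tool locates the fields.

```delphi
unit LoginEdits;  // hypothetical unit name

interface

uses
  Messages, SysUtils, Classes, Controls, StdCtrls;

type
  // Suggestion 3: a TEdit that ignores clipboard traffic.
  TNoClipboardEdit = class(TEdit)
  protected
    procedure WndProc(var Message: TMessage); override;
  end;

// Suggestion 1: build the edit at run time under a per-run component name.
// Call Randomize once at start-up, then call this from the form's OnCreate.
function CreateLoginEdit(AForm: TWinControl; ALeft, ATop: Integer;
  AMasked: Boolean): TNoClipboardEdit;

implementation

procedure TNoClipboardEdit.WndProc(var Message: TMessage);
begin
  case Message.Msg of
    // Swallow cut/copy/paste and the default edit popup menu.
    WM_COPY, WM_CUT, WM_PASTE, WM_CONTEXTMENU:
      Message.Result := 0;
  else
    inherited WndProc(Message);
  end;
end;

function CreateLoginEdit(AForm: TWinControl; ALeft, ATop: Integer;
  AMasked: Boolean): TNoClipboardEdit;
begin
  Result := TNoClipboardEdit.Create(AForm);  // owner frees it with the form
  Result.Parent := AForm;
  Result.SetBounds(ALeft, ATop, 160, Result.Height);
  Result.Name := Format('e%.8x', [Random(MaxInt)]);  // valid, per-run name
  Result.Text := '';  // the VCL copies a new Name into an empty Text
  if AMasked then
    Result.PasswordChar := '*';
end;

end.
```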