C# Protect the Password inside a TextBox ZZ

If the Text property is called, it will send an WM_GETTEXT message, so it will surely be an internal (safe) call. But if that message is received and the Text property wasn't called, then it might be risky to return the password, so we'll not process that message.

I wrote a "safer" TextBox here, just to show you the idea, feel free to write your own or simply improve this one.

class ProtectedTextBox : TextBox
{
    // the malicious message, that needs to be handled
    private const int WM_GETTEXT = 0x000D;

    // 'true' if the messages are sent from our program (from Text property)
    // 'false' if they're sent by anything else 
    bool allowAccess { get; set; }

    public override string Text   // overriding Text property
    {
        get
        {
            allowAccess = true;    // allow WM_GETTEXT (because it's an internal call)
            return base.Text;  //this sends the message above in order to retrieve the TextBox's value
        }
        set
        {
            base.Text = value;
        }
    }

    protected override void WndProc(ref Message m)
    {
        if (m.Msg == WM_GETTEXT)  // if the message is WM_GETTEXT 
        { 
            if (allowAccess)  // and it comes from the Text property
            {
                allowAccess = false;   //we temporarily remove the access
                base.WndProc(ref m);  //and finally, process the message
            }
        }
        else
            base.WndProc(ref m);
    }
}
View Code

posted on 2013-10-20 09:27  武胜-阿伟  阅读(353)  评论(0编辑  收藏  举报

Powered by: 博客园 Copyright © 2024 武胜-阿伟
Powered by .NET 8.0 on Kubernetes