Password input field for tools?
Hi all! Is there any way to use password input fields ("<input type="password"...") with tools? A tools XML definition file only seems to support text and textarea fields. I already tried setting a tools parameter type to "password", which unfortunately results in an "Unknown tool parameter type 'password'". Trying "password="True"" (like "area="True"") does not result in an error, but the text field is still just a normal text field. I may be mistaken, as I am new to Python and Galaxy, but there already seems to be a PasswordField class and a TextField class, which both can be found in several files. Was the PasswordField class for tool parameters maybe disabled for a reason? Thanks! Daniel
Hi Daniel, I have attached a patch that does this below. You can use it by setting <param type="password"> However the security is lacking as you can see the string when you try to re-run the job and view source. Is this sufficient for your purposes? Thanks, K On Sat, Apr 2, 2011 at 11:01 AM, Daniel Schmidt <danielschmidt82@gmx.net> wrote:
Hi all!
Is there any way to use password input fields ("<input type="password"...") with tools? A tools XML definition file only seems to support text and textarea fields. I already tried setting a tools parameter type to "password", which unfortunately results in an "Unknown tool parameter type 'password'". Trying "password="True"" (like "area="True"") does not result in an error, but the text field is still just a normal text field. I may be mistaken, as I am new to Python and Galaxy, but there already seems to be a PasswordField class and a TextField class, which both can be found in several files. Was the PasswordField class for tool parameters maybe disabled for a reason?
Thanks! Daniel ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
Hello all! Thanks alot K! Although I have to admit, that it seems too insecure, at least for the tool I am currently working on. The password field is needed to connect to a database, which contains (sensitive) patient data. Revealing the password to someone else by accident when re-running a job could give him or her access to data he or she should have never access to. In spite of everything, thank you again! Daniel Am 04.04.2011 17:17, schrieb Kanwei Li:
Hi Daniel,
I have attached a patch that does this below. You can use it by setting<param type="password"> However the security is lacking as you can see the string when you try to re-run the job and view source. Is this sufficient for your purposes?
Thanks,
K
On Sat, Apr 2, 2011 at 11:01 AM, Daniel Schmidt<danielschmidt82@gmx.net> wrote:
Hi all!
Is there any way to use password input fields ("<input type="password"...") with tools? A tools XML definition file only seems to support text and textarea fields. I already tried setting a tools parameter type to "password", which unfortunately results in an "Unknown tool parameter type 'password'". Trying "password="True"" (like "area="True"") does not result in an error, but the text field is still just a normal text field. I may be mistaken, as I am new to Python and Galaxy, but there already seems to be a PasswordField class and a TextField class, which both can be found in several files. Was the PasswordField class for tool parameters maybe disabled for a reason?
Thanks! Daniel ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
Well, it could be modified to never return a value back to the interface after being set. Would that be sufficient? On Mon, Apr 4, 2011 at 11:46 AM, Daniel Schmidt <danielschmidt82@gmx.net> wrote:
Hello all!
Thanks alot K! Although I have to admit, that it seems too insecure, at least for the tool I am currently working on. The password field is needed to connect to a database, which contains (sensitive) patient data. Revealing the password to someone else by accident when re-running a job could give him or her access to data he or she should have never access to. In spite of everything, thank you again!
Daniel
Am 04.04.2011 17:17, schrieb Kanwei Li:
Hi Daniel,
I have attached a patch that does this below. You can use it by setting<param type="password"> However the security is lacking as you can see the string when you try to re-run the job and view source. Is this sufficient for your purposes?
Thanks,
K
On Sat, Apr 2, 2011 at 11:01 AM, Daniel Schmidt<danielschmidt82@gmx.net> wrote:
Hi all!
Is there any way to use password input fields ("<input type="password"...") with tools? A tools XML definition file only seems to support text and textarea fields. I already tried setting a tools parameter type to "password", which unfortunately results in an "Unknown tool parameter type 'password'". Trying "password="True"" (like "area="True"") does not result in an error, but the text field is still just a normal text field. I may be mistaken, as I am new to Python and Galaxy, but there already seems to be a PasswordField class and a TextField class, which both can be found in several files. Was the PasswordField class for tool parameters maybe disabled for a reason?
Thanks! Daniel ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
Daniel, Note that this (and similar) password solutions in Galaxy is not secure in any real way (especially if you're dealing with patient data or HIPPA): The password (hidden or visible in a text field) is still transmitted in clear-text over the network (unless you're using HTTPS/SSL). If your users are connecting over WiFi (and the wireless network is not encrypted) - it's very easy to find the password. The password will also be saved in clear-text in the Galaxy database, and will be saved in the galaxy log files (as it will be passed to the program on the command line). Of course, depending on your configuration and requirements, this solution might suffice, but be aware that it provides a false sense of security, basically protecting only against people standing behind the user's back and looking at his monitor. Just my two cents, -gordon Kanwei Li wrote, On 04/04/2011 12:34 PM:
Well, it could be modified to never return a value back to the interface after being set. Would that be sufficient?
On Mon, Apr 4, 2011 at 11:46 AM, Daniel Schmidt <danielschmidt82@gmx.net> wrote:
Hello all!
Thanks alot K! Although I have to admit, that it seems too insecure, at least for the tool I am currently working on. The password field is needed to connect to a database, which contains (sensitive) patient data. Revealing the password to someone else by accident when re-running a job could give him or her access to data he or she should have never access to. In spite of everything, thank you again!
Daniel
Am 04.04.2011 17:17, schrieb Kanwei Li:
Hi Daniel,
I have attached a patch that does this below. You can use it by setting<param type="password"> However the security is lacking as you can see the string when you try to re-run the job and view source. Is this sufficient for your purposes?
Thanks,
K
On Sat, Apr 2, 2011 at 11:01 AM, Daniel Schmidt<danielschmidt82@gmx.net> wrote:
Hi all!
Is there any way to use password input fields ("<input type="password"...") with tools? A tools XML definition file only seems to support text and textarea fields. I already tried setting a tools parameter type to "password", which unfortunately results in an "Unknown tool parameter type 'password'". Trying "password="True"" (like "area="True"") does not result in an error, but the text field is still just a normal text field. I may be mistaken, as I am new to Python and Galaxy, but there already seems to be a PasswordField class and a TextField class, which both can be found in several files. Was the PasswordField class for tool parameters maybe disabled for a reason?
Thanks! Daniel ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at:
participants (3)
-
Assaf Gordon -
Daniel Schmidt -
Kanwei Li