Although you have free rein to do this any way you like, or not at all, observing the following will help maximize both security and compatibility with a range of terminal emulators:
• Minimize screen operations; plain text teletype-style / UNIX-style prompts are best
• Time out after 10-15 seconds
• Set a limit of 3-5 attempts
For example, in the code below, we use simple teletype-style prompts for user name and password. (INFLD works in teletype mode when row and col are both set to 0.) Type ||g disables GUI mode (just in case), ] strips trailing blanks, / eliminates timer-related displays, I eliminates the field markers and i eliminates echoing of keyboard characters for the password.
? "Please log in"
ok = 0
do while ok = 0
    ! limit the number of attempts
    count += 1
    if count > 3 then ? "too many tries" : exit
    ? "User name: ";
    ! seconds allowed before INFLD times out
    timer = 10
    xcall INFLD,0,0,10,0,"A||g]/I",user$,inxctl,1,0,exitcode,timer
    if exitcode = 11 then ? "time out" : exit
    ? "Password: ";
    ! same type codes plus i, so the password is not echoed
    xcall INFLD,0,0,10,0,"A||g]/Ii",pw$,inxctl,1,0,exitcode,timer
    if exitcode = 11 then ? "time out" : exit
    ok = fn'check'credentials(user$,pw$)
loop
if ok = 0 then xcall MIAMEX, MX_EXIT ! exit ashell on failure
xcall CCON ! now we can re-enable ^C
Note that your routine to validate the user name and password can also take into account information about the user and workstation that can be retrieved without user intervention, via GETUSN.SBR (user name and machine ID) and MX_GETIP.SBR (IP address).
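
The following is an added sketch, not code from the original page and not A-Shell code: it shows in Python the kind of logic a validation routine such as fn'check'credentials could apply when it also considers the workstation's IP address. The record layout, the names (USERS, check_credentials), the sample user and the allowed network are all constructed for illustration, and the IP address is assumed to have been obtained separately and passed in as a string.

```python
import hashlib
import hmac
import ipaddress

ITERATIONS = 100_000  # PBKDF2 work factor (constructed value for this sketch)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; only this derived value is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed sample records: user -> (salt, password hash, allowed networks).
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {
    "JSMITH": (_SALT, hash_password("correct horse", _SALT), ["192.0.2.0/24"]),
}
# Unknown users are hashed against this record too, so the response time
# does not reveal which user names exist.
_DUMMY = (b"\x00" * 16, hash_password("placeholder", b"\x00" * 16), [])


def check_credentials(user: str, password: str, client_ip: str) -> int:
    """Return 1 on success and 0 on any failure, like ok in the login loop."""
    name = user.strip()
    known = name in USERS
    salt, stored, networks = USERS.get(name, _DUMMY)

    # Always derive the hash and compare it in constant time.
    password_ok = hmac.compare_digest(hash_password(password, salt), stored)

    # The workstation must be inside one of the networks listed for the user.
    try:
        addr = ipaddress.ip_address(client_ip)
        ip_ok = any(addr in ipaddress.ip_network(net) for net in networks)
    except ValueError:
        ip_ok = False  # unparseable address: treat as not allowed

    # One combined result, so the caller cannot tell which check failed.
    return 1 if (known and password_ok and ip_ok) else 0
```

Returning a single pass/fail value keeps the login prompt from telling the user whether the name, the password or the workstation was rejected.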