Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:51 ADT
AwakenToMe (AwakenToMe@aol.com)
Mon, 6 Apr 1998 00:44:44 EDT
you are exactly correct in this.. in fact I wrote an application for my work
that literally intercepts passwords going to a password box.
there are defenses for this. You can use your own wacked out user defined
messages. Or there is a way to have this message bypass the standard message
calls. I know this cannot easily be intercepted. Visual basic 4 (16 bit
version)list boxes use this method. Try to spy on one using Spy++. Vb4 uses
some sort of optimization so it sends everything directly to the listbox
bypassing the Wndproc.
So yes, it is possible to get past this.
A possibly easier alternative is to create your own textbox.
When it receives a WM_SETTEXT message, the text could actually be encrypted,
and the textbox control takes care of decrypting it whenever the application
calls for it.
Adam
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:51 ADT