Help

Scripting block feature request: obscured text input

Topic Labels: Scripting extentions
1783 2
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Mike_Pennisi
7 - App Architect
7 - App Architect
See Solution in Thread

‎May 06, 2020 07:03 PM

Some scripts require sensitive input such as HTTP API access tokens. Depending on how the base is shared, it may not be appropriate to store this input in the scripts themselves. In these cases, it may be preferable to prompt the user with each execution.

Currently, the input.text function renders a generic HTML text input. For situations like these, it would be nice to present a password input. This would help protect users from shoulder surfing.

Reply
2 Replies 2
Bill_French
17 - Neptune
17 - Neptune
See Solution in Thread

‎May 07, 2020 09:41 AM

The CSO would string us all up for doing ANY of these things, but consider abstracting the access tokens well away from the script block and silently match up the user’s session ID with accessibility to any given base. You could also create a translation table in the script and encode the base IDs as base64 strings. Only during run-time would the keys be decoded. Most users would really struggle to get the actual keys from base64 strings.

One must ask, though, -

If a block has explicit read/write authority over the base itself, why would a script block need an API key? Unless, of course, it’s accessing other bases.

Reply
Mike_Pennisi
7 - App Architect
7 - App Architect
In response to Bill_French
See Solution in Thread

‎May 18, 2020 11:04 AM

@bill.french Yup, or if it’s accessing web services outside of Airtable

0 Kudos
Reply
Copyright © 2024 Khoros, LLC