LCCommunity If you are using DropTools Community Edition, this article does not apply to you (as LiveCode Community Edition does not allow for securing stacks with a password).

Securing Your DropTool

If you decide to create a DropTool, you may be concerned that you will not be able to secure your scripts, since LiveCode does not allow for substacks or objects to be copied from stacks that have been password protected.

The DropTools Palette has a clever feature that allows you to protect your stacks and
allow objects and substacks to be copied. You are (in effect) providing the password to DropTools, which can then use it to temporarily unlock your stack before copying over objects, and then resecuring the stack that was protected - all without anyone being able to intercept or determine the password!

How Does It Work?

The DropTools Palette has a substack called "DTSecurity" that is itself password-protected. In that protected stack are handlers for encoding and decoding a string using a custom-built encryption method, as well as a handler for unlocking a stack, given an encrypted string as a parameter. (It also holds the main "installation" code of DropTools with the "cantAbort" property of the stack turned on, so no one can put a breakpoint in or attempt to command-period to break in and try to work with your unlocked stack.)

The stack that you want to protect needs to have a custom
property set to the encrypted form of the stack's actual password. When you drag and drop a DropTool that has a protected stack, an "UnlockStack" command is dispatched to the protected "DTSecurity" substack with just a descriptor of the stack that should be unlocked and the value of the
. Inside the protected handler, the
is decrypted and then used to temporarily unlock the secured stack and copy the necessary objects and/or libraries.

At the end of the drag-drop operation, the original DropTool stack is closed and purged from memory, so that the next time it is opened, the password is back in place and the stack remains secured.

What About Libraries?

Libraries are protected in a similar way; remember that a DropTool library is a substack of the DropTool stack. That substack, if password-protected, would need to have the
set for it. Then, when the user goes to install a DropTool that needs this library, the substack will be temporarily unprotected, copied, saved to disk under another name, and then both the original DropTool stack and the new library stack will be closed and purged from memory. When the new library stack is brought into use, it is, in effect, being reopened, and so the original password protection remains in place.

How Do I Set the uDTPassKey?

This is where the clever feature comes in: bundled with the DropTools Palette download is a DropTool stack file called "DropSecurity.livecode". Once you install it into the DropTools folder, it will show up in the DropTools Palette as a golden padlock:

All you have to do is to open the stack that is (or will be) password protected, and then drag and drop the DropSecurity control anywhere onto that open stack. The DropTools Palette will then prompt you for your password and it will automatically set the
of that stack to the encoded version of that password. Easy, no?

And if you're concerned that the DropSecurity tool is unlocked, don't be - all it does is call on a handler in the already-protected "DTSecurity" substack of the DropTools stack to both encode the password and set the custom property of the target stack.

Important Note: Behaviors are NOT Protected

Since LiveCode only allows for the securing of stacks, if you have a behavior-based DropTool, the button that has your behavior code in it
will not
be protected. The only real way to protect your code at this point is to use either a library-based DropTool, or a behavior-based DropTool that calls on a library for the main functionality. Either way, to keep your code secure,
you must use a library stack
that can be password protected.

The Bottom Line?

Your password protected stack will remain protected during the drag and drop process, and if you have password-protected libraries, they will remain secure as well.

© 2015 Sons of Thunder Software, Inc.