Storing a password

carodak · December 9, 2021, 9:51pm

Hi everyone,

I would like to store a file containing a password on pavlovia. This password would then be retrieved in our online task to communicate with an external API. This password provides access to confidential data, so we would like it to be as secure as possible and not accessible from outside.
I should point out that our task is private.

If we upload the file to the resources folder, will it be accessible by the client? Do you know a way to access our password in the task without an external person being able to copy/paste our code and access the password too?

Thank you very much

wakecarter · December 9, 2021, 11:23pm

I’m not exactly sure what you need here but the VESPR Study Portal can contain information in the debrief which you can only access if you arrive at https://moryscarter.com/vespr/portal/debrief.php?participant=1&session=1 with a valid combination of participant and session.

The debrief text is stored in a MySQL database (along with, for example, a participation credit link)

carodak · December 9, 2021, 11:54pm

Thank you for your answer @wakecarter

Let’s take a more concrete case, it might be clearer. I want to send the data from the experiment to an online survey manager. This is done very well with a post request inside the task.
I have a password (token) for example :3232hdsd which authenticates me when I send my post request inside a code component. This password also gives me the ability to delete data in the survey manager. So I would like to secure it but also control who can use it.

In the case of the VESPR portal, their code is in a php page so it is server side. This means that the client does not have access to the functions and methods for using and manipulating the debrief text.
I think that with pavlovia, we can’t upload php files. Therefore, access to the database seems complicated (where to store the database password…).
If we stay on the client side, then how can we store and access the token (whether it is a database or in a file), without the client being able to see the token file or being able to replicate our functions/methods to also access the token?

wakecarter · December 10, 2021, 10:18am

Could PsychoPy send the info to a PHP webpage which checked the incoming data and added the password then redirected to the survey manager?

carodak · December 10, 2021, 2:23pm

Yes indeed, this is an option I am considering. That said, I would have liked our code to remain on pavlovia. We have several studies on our survey manager that contain different surveys and the token/password is specific to each study. So it will change and not everyone has access to the server where we could put the PHP file. Also, I don’t know if mixing different projects on one server is a good idea. I was wondering if there wasn’t a more direct option to protect a file uploaded to pavlovia from external access and use.

Topic		Replies	Views
Storing data from Pavlovia securely Online experiments	0	254	February 26, 2021
External Trial Input Online experiments pavlovia	4	411	December 3, 2020
Pavlovia.org create an online experiment by invitation Online experiments psychopy3 , pavlovia	6	1674	July 13, 2020
Include pdf-document in Pavlovia-Project Online experiments pavlovia	1	701	February 18, 2022
Major Data Loss on Pavlovia - Online Experiments Online experiments	4	325	December 6, 2021

Storing a password

Related Topics