I would like to store a file containing a password on pavlovia. This password would then be retrieved in our online task to communicate with an external API. This password provides access to confidential data, so we would like it to be as secure as possible and not accessible from outside.
I should point out that our task is private.
If we upload the file to the resources folder, will it be accessible by the client? Do you know a way to access our password in the task without an external person being able to copy/paste our code and access the password too?
Thank you very much
I’m not exactly sure what you need here but the VESPR Study Portal can contain information in the debrief which you can only access if you arrive at https://moryscarter.com/vespr/portal/debrief.php?participant=1&session=1 with a valid combination of participant and session.
The debrief text is stored in a MySQL database (along with, for example, a participation credit link)
Thank you for your answer @wakecarter
Let’s take a more concrete case, it might be clearer. I want to send the data from the experiment to an online survey manager. This is done very well with a post request inside the task.
I have a password (token) for example :3232hdsd which authenticates me when I send my post request inside a code component. This password also gives me the ability to delete data in the survey manager. So I would like to secure it but also control who can use it.
In the case of the VESPR portal, their code is in a php page so it is server side. This means that the client does not have access to the functions and methods for using and manipulating the debrief text.
I think that with pavlovia, we can’t upload php files. Therefore, access to the database seems complicated (where to store the database password…).
If we stay on the client side, then how can we store and access the token (whether it is a database or in a file), without the client being able to see the token file or being able to replicate our functions/methods to also access the token?
Could PsychoPy send the info to a PHP webpage which checked the incoming data and added the password then redirected to the survey manager?
Yes indeed, this is an option I am considering. That said, I would have liked our code to remain on pavlovia. We have several studies on our survey manager that contain different surveys and the token/password is specific to each study. So it will change and not everyone has access to the server where we could put the PHP file. Also, I don’t know if mixing different projects on one server is a good idea. I was wondering if there wasn’t a more direct option to protect a file uploaded to pavlovia from external access and use.