I would like to store a file containing a password on pavlovia. This password would then be retrieved in our online task to communicate with an external API. This password provides access to confidential data, so we would like it to be as secure as possible and not accessible from outside.
I should point out that our task is private.
If we upload the file to the resources folder, will it be accessible by the client? Do you know a way to access our password in the task without an external person being able to copy/paste our code and access the password too?
Let’s take a more concrete case, it might be clearer. I want to send the data from the experiment to an online survey manager. This is done very well with a post request inside the task.
I have a password (token) for example :3232hdsd which authenticates me when I send my post request inside a code component. This password also gives me the ability to delete data in the survey manager. So I would like to secure it but also control who can use it.
In the case of the VESPR portal, their code is in a php page so it is server side. This means that the client does not have access to the functions and methods for using and manipulating the debrief text.
I think that with pavlovia, we can’t upload php files. Therefore, access to the database seems complicated (where to store the database password…).
If we stay on the client side, then how can we store and access the token (whether it is a database or in a file), without the client being able to see the token file or being able to replicate our functions/methods to also access the token?
Yes indeed, this is an option I am considering. That said, I would have liked our code to remain on pavlovia. We have several studies on our survey manager that contain different surveys and the token/password is specific to each study. So it will change and not everyone has access to the server where we could put the PHP file. Also, I don’t know if mixing different projects on one server is a good idea. I was wondering if there wasn’t a more direct option to protect a file uploaded to pavlovia from external access and use.