[fpc-pascal] Is it necessary to protect passed passwords in memory?

Michael Van Canneyt michael at freepascal.org
Wed Nov 1 16:58:45 CET 2006



On Wed, 1 Nov 2006, Johannes Nohl wrote:

> Dear list,
> 
> I was thinking of writing a daemon in freepascal. When the program is
> started it will ask for a password. Then keep the pass in a string
> variable, using it every 10 minutes.
> 
> It's not for an high security environment but I'm interested in
> general. How to protect those information in memory?

Just keep the password encrypted in memory, and decrypt it
before you use it.
You can use the XOrEncode and XOrDecode functions for this. 
They are in the strutils unit.

Michael.



More information about the fpc-pascal mailing list