[fpc-pascal] Is it necessary to protect passed passwords in memory?
Tomas Hajny
XHajT03 at mbox.vol.cz
Thu Nov 2 08:07:13 CET 2006
On 1 Nov 06, at 18:13, Johannes Nohl wrote:
> > And where do you think the phrase 'My Secret Password' would be stored
> > other than memory?
>
> so you have to override variables after use? like
>
> var pwd: array[0..15] of char;
> xpwd: string;
>
> [...]
>
> readln(pwd);
> xpwd := encrypt(pwd);
> pwd := '123456789012345'; // override
>
> [...]
>
> ???
Yes, and obviously don't declare it within the program (that's what appeared in the original example from Marc Pertron) - your example is indeed better from this point of view. I'd add that the disadvantage of ReadLn (used by you) is that it shows typed characters on console and in addition, I believe that these characters might be temporarily stored in a buffer in memory too (before they get overwritten with following input).
Tomas
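
The approach discussed in this message, as an added Free Pascal example that is not code from the thread: the password is read key by key with the Crt unit's ReadKey so it is not echoed, kept in a fixed char array of the size used in the quoted code, and overwritten with FillChar after use. UsePassword is a hypothetical stand-in for the encrypt call in the quoted snippet.

```pascal
program WipePassword;
{$mode objfpc}{$H+}
uses
  Crt;  { ReadKey returns one key press without echoing it }
const
  MaxLen = 15;
type
  TPwdBuf = array[0..MaxLen] of Char;  { same size as in the thread }

{ Reads up to MaxLen characters without echo; returns the length read. }
function ReadPasswordNoEcho(out Buf: TPwdBuf): Integer;
var
  Ch: Char;
  Len: Integer;
begin
  FillChar(Buf, SizeOf(Buf), 0);
  Len := 0;
  repeat
    Ch := ReadKey;
    case Ch of
      #0: ReadKey;                       { extended key: drop the scan code }
      #8, #127: if Len > 0 then begin Dec(Len); Buf[Len] := #0; end;
      #10, #13: ;                        { Enter ends the input }
    else
      if (Ch >= ' ') and (Len < MaxLen) then begin Buf[Len] := Ch; Inc(Len); end;
    end;
  until (Ch = #13) or (Ch = #10);
  Ch := #0;                              { do not leave the last key behind }
  Result := Len;
end;

{ Hypothetical stand-in for encrypt(pwd); constref avoids copying the buffer. }
procedure UsePassword(constref Buf: TPwdBuf; Len: Integer);
begin
  WriteLn('Read ', Len, ' characters');
end;

var
  Pwd: TPwdBuf;
  N: Integer;
begin
  Write('Password: ');
  N := ReadPasswordNoEcho(Pwd);
  WriteLn;
  try
    UsePassword(Pwd, N);
  finally
    FillChar(Pwd, SizeOf(Pwd), 0);       { wipe even if UsePassword raises }
  end;
end.
```

Any copy made along the way, for example by assigning the buffer to a string, would need the same treatment, since FillChar only clears the array it is given.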