Aren't passwords written in inputbox vulnerable through a stack trace ?
Posted
by loursonwinny
on Stack Overflow
See other posts from Stack Overflow
or by loursonwinny
Published on 2010-05-07T10:31:18Z
Indexed on
2010/05/07
10:38 UTC
Read the original article
Hit count: 217
password
|vulnerability
Hello,
I am not a guru of the stack tracing, at all. I even don't know how to get some. Anyway, I am wondering if entering a password entered in an inputbox is safe. Can't it be retrieved by getting a stack trace ?
A password entered that way will be found in many places :
- Caption property of the TEdit
- Result of the function which creates the inputbox
- probably, a variable that stores the Result of the InputBox Command
- etc...
If the answer is "yes, it is a vulnerability", then my world collapses :p. What can be done to avoid that vulnerability hole ?
NOTE : The InputBox is an example but it can be with a "homebrewed" login prompt.
InputBox is a Delphi command but I haven't tagged the question with the Delphi tag because I suppose that the question concerns any language.
Thanks for reading
© Stack Overflow or respective owner