Prevent strings stored in memory from being read by other programs

Posted by Roy on Stack Overflow See other posts from Stack Overflow or by Roy
Published on 2010-12-27T05:50:40Z Indexed on 2010/12/27 5:53 UTC
Read the original article Hit count: 315

Filed under:

c++

|

string

|

security

Some programs like ProcessExplorer are able to read strings in memory (for example, my error message written in the code could be displayed easily, even though it is compiled already).

Imagine if I have a password string "123456" allocated sequentially in memory. What if hackers are able to get hold of the password typed by the user? Is there anyway to prevent strings from being seen so clearly?
Oh yes, also, if I hash the password and sent it from client to server to compare the stored database hash value, won't the hacker be able to store the same hash and replay it to gain access to the user account? Is there anyway to prevent replaying?

Thank You!

© Stack Overflow or respective owner

Related posts about c++

C++ : C++ Primer (Stanley Lipmann) or The C++ programming language (special edition)

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a Computer Science degree (long2 time ago) .. I do know Java OOP but i am now trying to pick up C++. I do have C and of course data structure using C or pascal. I have started reading Bjarne Stroustrup book (The C++ Programming Language - Special Edition) but find it extremely difficult esp… >>> More
Which C++ book shold I get between "C++ Primer" vs "C++ Primer Plus"

as seen on Stack Overflow - Search for 'Stack Overflow'
I want to learn C++ by using Vim and MinGW as compiler. I'm interesting at "C++ Primer (4th Edition)" and "C++ Primer Plus (5th Edition)" but I don't know how about it different. It has no book store that I can review those books, so I want to know, what is the different between those book and which… >>> More
Managed c++ std::string not accessible in unmanaged c++

as seen on Stack Overflow - Search for 'Stack Overflow'
In unmanaged c++ dll i have a function which takes constant std::string as argument Prototype : void read ( const std::string &imageSpec_ ) I call this function from managed c++ dll by passing a std::string. When i debug the unmanaged c++ code the parameter imageSpec_ shows the value correctly… >>> More
I need help on my C++ assignment using MS Visual C++

as seen on Stack Overflow - Search for 'Stack Overflow'
Ok, so I don't want you to do my homework for me, but I'm a little lost with this final assignment and need all the help I can get. Learning about programming is tough enough, but doing it online is next to impossible for me... Now, to get to the program, I am going to paste what I have so far. This… >>> More
The Definitive C++ Book Guide and List

as seen on Stack Overflow - Search for 'Stack Overflow'
After more than a few questions about deciding on C++ books I thought we could make a better community wiki version. Providing QUALITY books and an approximate skill level. Maybe we can add a short blurb/description about each book that you have personally read / benefited from. Feel free to debate… >>> More

Related posts about string

Read array dump output and generates the correspondent XML file

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, The text below is the dump of a multidimensional array, dumped by the var_dump() PHP function. I need a Java function that reads a file with a content like this (attached) and returns it in XML. For a reference, in site http://pear.php.net/package/Var_Dump/ you can find the code (in PHP) that… >>> More
Formatting a date string when the string sits inside another string

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm trying to figure out a way to format a date string that sits inside string using javascript. The string can be: "hello there From 2010-03-04 00:00:00.0 to 2010-03-31 00:00:00.0" or "stuff like 2010-03-04 20:00:00.0 and 2010-03-31 00:00:02.0 blah blah" I'd like it to end up like: "stuff… >>> More
Using String+string+string vs using string.replace

as seen on Stack Overflow - Search for 'Stack Overflow'
A colleague told me that using the following method: string url = "SomeURL"; string ext = "SomeExt"; string sub = "SomeSub"; string subSub = "moreSub"; string Url = @"http://www." + Url +@"/"+ ext +@"/"+ sub + subSub; is not efficenet (takes more resources) and it is preferred to use the… >>> More
vb.net string concatenation string + function output + string = string + function output and no more

as seen on Stack Overflow - Search for 'Stack Overflow'
The following output produces a string with no closing xml tag. m_rFlight.Layout = m_rFlight.Layout + "<G3Grid:Spots>" + Me.gvwSpots.LayoutToString() + "</G3Grid:Spots>" This following code works correctly m_rFlight.Layout = m_rFlight.Layout + "<G3Grid:Spots>" + Me.gvwSpots.LayoutToString() m_rFlight… >>> More
Trying to convert simple midlet application to Android application but running into problems.

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I am trying to do some threading in Android so I took an old threading assignment I had done fora midlet and took out the midlet code and replaced it with android code(such as textview). package com.assignment1; import android.app.Activity; import android.os.Bundle; import android.widget.TextView; public… >>> More