Aren't passwords written in inputbox vulnerable through a stack trace ?
- by loursonwinny
Hello,
I am not a guru of the stack tracing, at all. I even don't know how to get some. Anyway, I am wondering if entering a password entered in an inputbox is safe. Can't it be retrieved by getting a stack trace ?
A password entered that way will be found in many places :
Caption property of the TEdit
Result of the function which creates the inputbox
probably, a variable that stores the Result of the InputBox Command
etc...
If the answer is "yes, it is a vulnerability", then my world collapses :p. What can be done to avoid that vulnerability hole ?
NOTE : The InputBox is an example but it can be with a "homebrewed" login prompt.
InputBox is a Delphi command but I haven't tagged the question with the Delphi tag because I suppose that the question concerns any language.
Thanks for reading