Prevent reading lines in memory from other programs

Question

Prevent reading lines in memory from other programs

Some programs, such as ProcessExplorer, can read lines in memory (for example, my error message written in the code can easily be displayed even if it has already been compiled).

Imagine that in the line of memory allocated sequentially in memory, there is a password line "123456". What if hackers can get the password entered by the user? Is there a way to prevent row visibility?
Oh yes, also, if I had a hash password and sent it from the client to the server in order to compare the stored database hash value, the hacker will not be able to save the same hash and play it in order to access the user account? Is there a way to prevent playback?

Thank!

+5

c ++ string security

Roy Dec 27 '10 at 5:50

source share

4 answers

Andrew . - , , , - , . - : http://en.wikipedia.org/wiki/Challenge-response_authentication

+2

Reinderien 27 . '10 6:13

( XOR). Windows Anti-Debugging

+1

Kirill V. Lyadvinsky 27 . '10 5:56

, , , , , , , /.

0

Septagram 27 . '10 5:54

Andrew T Finnell · Accepted Answer · 2010-12-27T06:01:52+0000

I believe that you are mixing two things. The found ProcessExplorer parameters can also be found with the "strings" command on Unix. It simply flushes all stored lines in the executable, and not in the current memory.

If you did not compile the user password into your program, the memory intended for storing data should not be read by ProcessExplorer.

, . , . , . .

, , , . - . https://www.securecoding.cert.org/confluence/display/seccode/MEM06-C.+Ensure+that+sensitive+data+is+not+written+out+to+disk

[]

, .

, PKI. , . , . , , . , , , .

, - .

, -. PKI.

: 1. 2.

: http://en.wikipedia.org/wiki/Public_key_infrastructure

Prevent reading lines in memory from other programs

More articles: