- Path: solon.com!not-for-mail
- From: seebs@solutions.solon.com (Peter Seebach)
- Newsgroups: comp.lang.c
- Subject: Re: Hiding a password
- Date: 29 Mar 1996 16:13:45 -0600
- Organization: Usenet Fact Police (Undercover)
- Message-ID: <4jhnap$56b@solutions.solon.com>
- References: <4jc0gu$crg@fnord.dfw.net>
- NNTP-Posting-Host: solutions.solon.com
-
- In article <4jc0gu$crg@fnord.dfw.net>,
- Azazel Diabolus (aka Fetelgeuse) <ftlgeuse@dfw.dfw.net> wrote:
- >OK, Tanmoy, there is no need to be such a smart-ass. The code I posted was
- >a mere "snippet" to give the original poster an idea of the "theory" of
- >my suggestion. I openly admitted that the code verbatim probably would not
- >do the trick which is why I explained what it was doing. It is not up to me
- >to ensure that each reader knows how to properly prototype his/her functions,
- >or knows which header files to include for a given function (i.e. getch())
-
- Okay, while you're at it, about the whole "smart-ass" thing, find a header
- I can include that will give me access to this mythical "getch()" function.
- It seems to be strangely lacking on this system.
-
- >Also, the compiler the reader chooses is obviously going to make a difference
- >so I will remember to include which compiler I successfully used with any
- >future code references to prevent the onslaught of nitpicking egoists from
- >flooding my mailbox with things like "that won't work! Jeez you're dumb."
-
- Cool! Now we can flood your mailbox with things like "that won't work
- for anyone else! Jeez you're dumb". If you want to post to a language
- newsgroup, kindly post answers in the language selected, *not* in the
- extended form of it your particular compiler happens to allow.
-
- >To save the typing of those who wish to pick apart my friendly advice:
- >This code is not a tutorial in encryption or security, it is just meant to
- >show the original poster a way he can get input from the keyboard without
- >having it echoed to the screen! (I wrote it merely because I did not like
- >the limitation of my compiler's version of a function in conio.h called
- >getpass() which limits the input to 8 characters. I also realize that the
- >buffer could overflow causing problems but on my computer using this function
- >I have input 300 characters without a problem- I haven't tried any more
- >than that)
-
- I love it; I know the buffer could be overflowed, but it didn't matter
- when I tried it, so don't worry. Clever.
-
- getpass() is a nearly standard function (it's standard, it's just not
- standard *C*), and is actually a very good answer. Passwords much over
- 8 characters may become insecure because it's easier to decrypt them
- in some cases. :)
-
- >/*-----------------------BEGIN CODE-----------------*/
-
- >#include<stdio.h>
- >#include<conio.h>
-
- Hmm. My compiler doesn't have one of these.
-
- >char *getstring_noecho()
- >{
- > char *string;
- > int i=0;
- > _setcursortype(0);
-
- Huh?
-
- > while(string[i-1]!=13) {
- > string[i++]=getch();
-
-
- This is worse than it immediately appears:
-
- string doesn't point anywhere yet. You may overwrite random memory by
- doing this.
-
- string[i-1] is invalid the first time through unless you have initialized
- string to point at least one char into a real object.
-
- string[i-1] could be 13 by sheer chance, since it's uninitialized.
-
- Do you have even a *fraction* of a clue what you're doing?
-
- > }
- > string[i-1]=NULL;
-
- Twit. NULL may be (void *) 0, in which case, this won't work. ASCII 0
- is *NOT* the same as NULL. The first character in ASCII is called
- "NUL". Count the L's. (If you can't count to 2, write me privately,
- and I'll send you the numbers.)
-
- > return(string);
- >}
-
- >void main()
-
- Hmm. What does "warning: return type of main is not `int'" mean? Perhaps
- it means you're reading a book by Herbert Schildt. If so, my apologies;
- you would have had no way of knowing you were being spoonfed lies.
-
- >{
- > char *password;
- > printf("Enter password:");
- > password=getstring_noecho();
- > printf("%s",password);
- >}
-
- >If you want to rag on this go ahead but remember that it was only meant as
- >a nice gesture to the person who had asked for a way to get input from the
- >keyboard without having it echoed to the screen; I gave him a way. That
- >is the only thing this code is meant to do so for everyone who sits around
- >waiting to harp on someone's code they dislike - get a life; if you don't
- >like someone's advice to someone else, give better advice or shut up!
-
- Okay, I'll give better advice. Don't post stupidly broken code. You are
- not "helping" anyone by giving them bad advice. (Unless they want homework
- done for them; false answers may help them learn to do their own work.)
-
- Don't be "nice" if you can't actually contribute. You seem to have this
- idea that a room full of idiots spouting nonsense, nicely, would be an
- improvement over a room with a few experts answering questions carefully
- and correctly, whether they were nice or not.
-
- Tain't so. I would personally be *pissed* if someone gave me example
- code, and it didn't work, more so if it was because the person obviously
- didn't have even the vaguest concept of how pointers work in C.
-
- >Oh, and Tanmoy, don't pretend to have a clue when you don't.
-
- *smirk* This from someone who writes to uninitialized pointers?
-
- >Fetelgeuse.
-
- I'm leaving this in because I can't tell what it is.
-
- -s
- --
- Peter Seebach - seebs@solon.com - Copyright 1996 Peter Seebach.
- C/Unix wizard -- C/Unix questions? Send mail for help. No, really!
- FUCK the communications decency act. Goddamned government. [literally.]
- The *other* C FAQ - http://www.solon.com/~seebs/c/c-iaq.html
-
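An added example, not part of the original post and not either poster's code: one way to read a password without echo on a POSIX system, using termios in place of the non-standard getch(), with a caller-supplied buffer that is bounded on every write and terminated with '\0'. The function name read_noecho and the 128-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <termios.h>
#include <unistd.h>

/* Read one line from fd into buf, which holds cap bytes including the NUL.
 * Echo is switched off only if fd is a terminal, and restored afterwards.
 * Characters beyond cap-1 are discarded up to the newline, never stored.
 * Returns the stored length, or -1 on bad arguments, on failure to disable
 * echo, or on end of input before anything was stored. */
long read_noecho(int fd, char *buf, size_t cap)
{
    struct termios saved, quiet;
    int is_tty, eof = 0;
    size_t n = 0;
    char c;

    if (buf == NULL || cap == 0)
        return -1;
    buf[0] = '\0';
    is_tty = isatty(fd) && tcgetattr(fd, &saved) == 0;
    if (is_tty) {
        quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;
        if (tcsetattr(fd, TCSAFLUSH, &quiet) != 0)
            return -1;               /* fail closed: never read with echo on */
    }
    for (;;) {
        if (read(fd, &c, 1) != 1) { eof = 1; break; }
        if (c == '\n') break;
        if (n + 1 < cap)             /* always leave room for the terminator */
            buf[n++] = c;
    }
    buf[n] = '\0';                   /* the NUL character, not the NULL pointer */
    if (is_tty)
        tcsetattr(fd, TCSAFLUSH, &saved);
    return (eof && n == 0) ? -1 : (long)n;
}

int main(void)
{
    char pw[128];                    /* real storage, unlike an unset char * */
    long n;

    fputs("Enter password: ", stderr);
    n = read_noecho(STDIN_FILENO, pw, sizeof pw);
    fputc('\n', stderr);
    if (n < 0)
        return 1;
    printf("read %ld characters\n", n);
    return 0;
}
```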