at least use snprintf - to limit the number of chars to be put in the buffer.
-c
shh! the audience (and the NSA) is listening
We should definitely use appropriate C++ classes for dealing with memory when raw performance is not needed.
When raw performance is needed, though, there is no substitute for stack allocated C style arrays. And heap allocated C style arrays will still outperform any object oriented solution available today.
I have experimented in one of my libraries with CString, std::string and TCHAR arrays and there is no doubt that TCHAR arrays delivered the best performance by far and in this particular system, performance was/is far more important than OOP. It definitely requires more work to make sure that it is done right and does not overwrite memory or access deleted memory but when needed it's the only way to go.
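The bounded copy the first reply asks for, beside the std::string alternative the post above weighs against raw arrays, as an added example that is not code from any of the posters. The function names (bounded_copy, copy_into_16, fits_in_16, checked_string) and the 16-byte buffer size are assumptions chosen for the demonstration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Copy src into a fixed-size buffer with snprintf, so at most dst_size bytes
// (terminator included) are ever written; strcpy/sprintf would keep writing
// past the end. Returns true if the whole string fitted, false if it was
// truncated: snprintf returns the length the output would have had, which is
// what makes truncation detectable.
bool bounded_copy(char* dst, size_t dst_size, const char* src) {
    if (dst == nullptr || dst_size == 0) return false;
    int needed = std::snprintf(dst, dst_size, "%s", src);
    if (needed < 0) {          // encoding error: leave a valid empty string
        dst[0] = '\0';
        return false;
    }
    return static_cast<size_t>(needed) < dst_size;
}

// Bytes actually stored when src is copied into a 16-byte stack array
// (assumed size); never exceeds 15 regardless of the input length.
size_t copy_into_16(const char* src) {
    char buf[16];
    bounded_copy(buf, sizeof buf, src);
    return std::strlen(buf);
}

// Whether src fits into the same 16-byte array without truncation.
bool fits_in_16(const char* src) {
    char buf[16];
    return bounded_copy(buf, sizeof buf, src);
}

// The std::string alternative: the container grows, so there is no bound to
// overrun; a length limit becomes an explicit application check instead.
// Returns the (possibly clipped) value and reports via *ok whether the input
// was within max_len.
std::string checked_string(const char* src, size_t max_len, bool* ok) {
    std::string s(src);
    *ok = s.size() <= max_len;
    if (!*ok) s.resize(max_len);
    return s;
}

int main() {
    const char* inputs[] = {"short", "this input is longer than the buffer"};
    for (const char* in : inputs) {
        std::printf("%-40s stored=%zu fitted=%s\n", in, copy_into_16(in),
                    fits_in_16(in) ? "yes" : "no");
    }
    bool ok;
    std::string s = checked_string(inputs[1], 20, &ok);
    std::printf("std::string limited to 20: \"%s\" ok=%s\n",
                s.c_str(), ok ? "yes" : "no");
    return 0;
}
```

The point of checking the return value is that silent truncation is itself a defect: a truncated path, key or username is a different value from the one the caller meant, so the caller should treat `false` as an error rather than carry on with the shortened string.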
I haven't worried at all about security yet since I haven't gotten even close to a release version.
- Matt Newman / Windows XP Activist
-Sonork ID: 100.11179
Could you Would you with a goat? - Dr Suess
Somewhat. I am trying to get the core of the program done first. However, say my program uses password authentication; the CheckPassword() function doesn't do anything, it just assumes it is okay and passes it on. When I get a functioning build (i.e. the starts doing its function) I will make CheckPassword() actually check the password etc. etc. For example, the server I am working on accepts connections and nothing more, so there isn't any need for security so far.
- Matt Newman / Windows XP Activist
-Sonork ID: 100.11179
Could you Would you with a goat? - Dr Suess
I really suggest that you read some book on security (e.g. Writing Secure Code, MS Press).
There is more to security programming than a CheckPassword() function. And since you mentioned a server, things like DoS and similar attacks come to mind.
Think about
Andreas
Vote against software patents in Europe
Andreas Saurwein wrote:
There is more to security programming than a CheckPassword() function
I was just using that as an example.
I do have to worry about DoS etc. but my server doesn't really do anything that could be exploited yet. I was merely saying that my project is in its infancy and is even close to exposing critical information.
Andreas Saurwein wrote:
Writing Secure Code, MS Press
Thanks for the book suggestion I will have to check that out.
- Matt Newman / Windows XP Activist
-Sonork ID: 100.11179
Could you Would you with a goat? - Dr Suess
When you work in a bank... security is always an issue... I'm really paranoid with security... just as my bosses
Mauricio Ritter - Brazil
Sonorking now: 100.13560 Trank
Alcohol is one of the greatest enemies of man, but a man who flees from his enemies is a coward.
I do GSM MO & BioMetric Solutions and security is really a big issue. Especially if you ship products worldwide!!
Empowerment through development. If the development only WANTS TO WORK!!
I think we've gone a little paranoid on security. I can't believe the number of places that expect me to supply a password these days. I've gotten to the point now that, if someone expects me to set up an account and supply a password in order to upload shareware to their site, I simply say "no".
And I have a small set of passwords that I use for everything, along with a simple set of rules for deriving new ones. Maybe the security "experts" (parasites?) think this is a bad idea, but I have to live in the real world.
Jim, I keep a simple text file on my PC that has been encrypted by one password using a simple app.
The text file contains all my accounts, usernames/IDs and passwords that I use.
Darn boring, but it works.
All I have to remember is one master password and I have access to the rest.
"Maybe I should make a proper app that does this" because I find it so darn useful.
Regardz
Colin J Davies
Sonork ID 100.9197:Colin
More about me
There are actually a ton of password managers available for free that do this (even though I'm about to write one in C# just for the hell of it.) Search for "password managers" on Google and pick the one you like.
Kevin
I should have guessed they were already available.
Regardz
Colin J Davies
Sonork ID 100.9197:Colin
More about me
Kevin Stewart wrote:
There are actually a ton of password managers available for free that do this (even though I'm about to write one in C# just for the hell of it.) Search for "password managers" on Google and pick the one you like.
Maybe they have a backdoor
That would be a good reason to write one yourself
Many web sites don't seem to require an account for security, but for acquiring your e-mail address...
It's hard to scratch your ass when you sit on it. [sighist]
"None - we just don't care"
Most real security is real security, not code.
Like leaving passwords lying around, easy passwords,
file size checks, logs etc.
Regardz
Colin J Davies
Sonork ID 100.9197:Colin
More about me
I'm always amazed by how easily people will tell you their passwords. It's just not something that's taken seriously in a good many cases.
--------
A common man's understanding of science. Not a normal common man's of course. A very smart common man's. -- Nish, on Science Writing
ring ring ..
"Hello, I'm John CrazyHorse from the special security detail; can I check your details for an investigation we are doing for your employer?"
Actually hacking a network from the outside is quite difficult in comparison.
I know a lot of IT departments spend small fortunes on techo stuff, when they should be training employees on the basics.
Regardz
Colin J Davies
Sonork ID 100.9197:Colin
More about me
Colin Davies wrote:
when they should be training employees on the basics
You mean the infamous don't be dumb course?
Cheers,
Simon
"Every good work of software starts by scratching a developer's personal itch.", Eric S. Raymond
SimonS wrote:
You mean the infamous don't be dumb course?
Very Similar.
I think that's the idea. I'm often amazed by, say, a secretary who has used MS-Word for several years but can't send an email.
Regardz
Colin J Davies
Sonork ID 100.9197:Colin
More about me
Or just take their post-it note pad away from them..
Alice thought that running very fast for a long time would get you to somewhere else. "A very slow kind of country!" said the queen. "Now, here, you see, it takes all the running you can do, to keep in the same place".
So, errr... what is your password, I forgot?
Philip Patrick
Web-site: www.stpworks.com
"Two beer or not two beer?" Shakesbeer
Need Web-based database administrator? You already have it!
I have a problem with the use of the high security password setup - trying to remember "45lkjfr8o7fw8o734iHoUUufriufds87r4" as my password is a little more than difficult.
Stopping people using password01, password02, password03, password04 etc. is reasonable.
Alice thought that running very fast for a long time would get you to somewhere else. "A very slow kind of country!" said the queen. "Now, here, you see, it takes all the running you can do, to keep in the same place".
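A policy check that does what the post above calls reasonable, refusing the password01, password02 rotation and a handful of common words, without demanding a random 34-character string, as an added example that is none of the posters' code. The stem list is a constructed sample, the 10-character minimum is an assumed policy value, and check_password_policy and its helper names are placeholders.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Constructed sample of stems to refuse; a real deployment would use a large
// breached-password list instead.
static const std::vector<std::string> kCommonStems = {
    "password", "letmein", "welcome", "qwerty", "admin"
};

static std::string to_lower(std::string s) {
    for (char& c : s)
        c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Split "password02" into stem "password" and counter "02".
static void split_trailing_digits(const std::string& pw,
                                  std::string* stem, std::string* digits) {
    size_t i = pw.size();
    while (i > 0 && std::isdigit(static_cast<unsigned char>(pw[i - 1]))) --i;
    *stem = pw.substr(0, i);
    *digits = pw.substr(i);
}

// Returns "" when the candidate is acceptable, otherwise the reason for
// rejection. `previous` is the user's current password ("" if none), so the
// password01 -> password02 rotation is caught by comparing stems rather than
// by forcing unmemorable random strings.
std::string check_password_policy(const std::string& candidate,
                                  const std::string& previous) {
    if (candidate.size() < 10) return "too short (minimum 10 characters)";

    std::string stem, digits;
    split_trailing_digits(candidate, &stem, &digits);
    const std::string lower_stem = to_lower(stem);
    for (const std::string& common : kCommonStems)
        if (lower_stem == common)
            return "common word, optionally with trailing digits";

    if (!previous.empty()) {
        std::string prev_stem, prev_digits;
        split_trailing_digits(previous, &prev_stem, &prev_digits);
        if (to_lower(prev_stem) == lower_stem)
            return "same as previous password apart from the trailing digits";
    }
    return "";
}

int main() {
    struct Case { const char* candidate; const char* previous; };
    const Case cases[] = {
        {"password01", ""},
        {"bluemoonharbor02", "bluemoonharbor01"},
        {"bluemoonharbor02", ""},
        {"LetMeIn2024", ""},
        {"short1", ""},
    };
    for (const Case& c : cases) {
        std::string verdict = check_password_policy(c.candidate, c.previous);
        std::printf("%-20s -> %s\n", c.candidate,
                    verdict.empty() ? "accepted" : verdict.c_str());
    }
    return 0;
}
```

The previous-password comparison only works where the server still has the old password in cleartext at change time, which is exactly the change-password flow (the user supplies both); it should not be implemented by storing old passwords in a recoverable form.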
yup, the user is the weakest link.
But why shouldn't they? They are asked to use passwords they can't possibly remember, to use different passwords everywhere, to have them handy any time they might need it, but don't have them jotted down under their keyboard?
Sounds silly.
It's hard to scratch your ass when you sit on it. [sighist]