From the course: Secure Coding in C

Storing passwords and codes

- [Instructor] Don't code into any program authentication codes or passwords as string literals. No, ideally, you'll want to put that information into a separate file, so in this code, you see a PIN stored as a string literal at line seven. This program does a simple comparison with that PIN and whatever text was input to allow a user to proceed, and from looking at the code, I know that the PIN is 12345, same combination as my luggage, and it works, no surprise. Here in a Linux terminal window, I can use the strings command to search the program's binary for any strings, and there you see plain as day, the PIN. Any hacker could use this simple tool to extract strings, and look for passwords and access codes. In this exercise file, the PIN is stored in a separate file, Access TXT, defined at line seven. The file is opened, and the PIN extracted. Access is granted. This approach is secure, but not foolproof. After all, the…
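The file-based PIN check described in the transcript, written out in C as an added example; it is not the course's exercise file. The names `check_pin`, `equal_ct` and `PIN_MAX`, the rule that the PIN file must be accessible to its owner only, and the comparison that does not stop at the first mismatch are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* for fileno() and fstat() */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define PIN_MAX 64

/* Compare n bytes without stopping at the first mismatch. */
static int equal_ct(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 = access granted, 0 = denied, -1 = PIN file unusable. */
int check_pin(const char *path, const char *entered)
{
    char stored[PIN_MAX];
    struct stat st;
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return -1;

    /* Assumption: reject a PIN file that group or other users can access. */
    if (fstat(fileno(fp), &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        fclose(fp);
        return -1;
    }

    char *line = fgets(stored, sizeof stored, fp);
    fclose(fp);
    if (line == NULL)
        return -1;
    stored[strcspn(stored, "\r\n")] = '\0';  /* drop the line ending */

    size_t n = strlen(stored);
    if (n == 0)
        return -1;  /* an empty PIN must never match */
    return strlen(entered) == n && equal_ct(stored, entered, n);
}
```

With the PIN read at run time, `strings` on the binary no longer shows it; the file's permissions become the control that protects it, which is why the function checks them on the opened descriptor rather than on the path.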
