Tomas Hajny a écrit :
On 1 Nov 06, at 18:13, Johannes Nohl wrote:
Yes, and obviously don't declare it within the
program (that's what appeared in the original
example from Marc Pertron) - your example is
indeed better from this point of view. I'd add
that the disadvantage of ReadLn (used by you) is
that it shows typed characters on console and in
addition, I believe that these characters might
be temporarily stored in a buffer in memory too
(before they get overwritten with following
input).
Of course my example or the ReadLn are because we don't know your
program and where the password comes from.
It appears obvious that you should not write the password in clear text
in the software if you want it not to be read from memory !
It was an example for hashing password which are one of the best
solution but need a salt to avoid dictionary attacks.
Marc
_______________________________________________
fpc-pascal maillist - fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/mailman/listinfo/fpc-pascal
