TEdit component and password security
The given article is devoted to a problem of security of the passwords when using TEdit component.
As you know at the component TEdit is a property PasswordChar, which by default is set to #0. If to set value of
this property in *, for want of execution of the program all characters will be mapped as *. Such possibility a
TEdit component is used for fields of input and displaying of the passwords or other secret information. And here
is danger. I think, you know, that all properties of components are stored in the file with the .DFM extension and
for want of compilations of the project linked in EXE the file. So here, the hacker wishing to see secret password,
by taking advantage the program of modification of resources, can change value of a property PasswordChar of TEdit
component in the EXE file and to see the password, which user has entered earlier. The given problem for programs
of the passwords, not requiring input, for want of input in the program, for example, program for dialing to ISP
especially is actual.
Solution of the given problem, under the judgement of the author, is the setting of value of a property PasswordChar
in run-time of the program. Though it and absolutely reliable solution, but at any stage it will become a problem for a hacker.
|
