I am writing a software that grabs a password using std::cin
However unlikely, i am trying to avoid the possibility that the password get paged to the disk from memory so I want to modify the buffer of std::cin
to overwrite the password as soon as I'm done with it.
right now i have this:
std::cin.cle开发者_Go百科ar();
std::stringstream ss;
ss << "0000000000000000000000000000000000000000000000";
std::cin.rdbuf(ss.rdbuf());
std::cin.clear();
but I'm pretty sure this is bad since it doesn't take into account the current size of the cin buffer. How do i properly overwrite the contents of the buffer?
thanks for any help!
Even if you scribble over the buffer immediately, it's still possible the password is written to disk. A system i/o buffer might be paged to disk, as might the working memory which std::cin is in. I used to develop forensic software which sniffed out exactly these conditions.
You can use gptr()
and egptr()
to get the beginning and end of the buffer.
Edit: As Charles Bailey pointed out, these are protected. My assumption is that if you want a stream buffer that you can clear its contents at a specified time, that you'd be implementing one of your own that derives from one of the standard stream buffer classes, but provides a clear()
member (or whatever name you find convenient). Changing the contents of the buffer without the buffer manager knowing about it will generally be a rather bad thing...
精彩评论