From the course: Secure Coding in C


Clearing data after use


- [Instructor] Sensitive data input into a program must be cleared after it's used. You don't want the information working in memory, so in this code, a five-digit PIN is required. The PIN is stored in another file, specified as access text on line nine. This method is secure, more secure than hard coding the PIN right here, but at about line 42 or so in the code, the PIN is stored in memory, along with the user's input. The issue is that a core dump or a memory scanning software can detect this data, especially if it isn't erased right away. In this improvement to the code, down at line 46, both the input retrieved, and PIN, are zeroed out. The buffers are filled with null characters. The program still works, but at this point however, the authentication data has been scrubbed from memory. Always scrub the buffer in this manner after important data has been used. For any sensitive data in your code that you don't want…
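The scrubbing step described in the transcript, as an added example that is not the course's own code. The function names (`scrub`, `verify_and_scrub`, `demo`) and the sample PINs are assumptions made for illustration, and the stored PIN is passed in as a constructed string instead of being read from a file.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8   /* room for a five-digit PIN plus terminator */

/* Zero n bytes through a volatile pointer. A plain memset() on a buffer
   that is never read again may be removed by the optimizer as a dead
   store; where available, explicit_bzero() or memset_s() also work. */
void scrub(void *buf, size_t n)
{
    volatile unsigned char *p = buf;
    while (n--)
        *p++ = 0;
}

/* Return 1 if every byte of buf is zero. */
int is_zeroed(const char *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (buf[i] != 0) return 0;
    return 1;
}

/* Compare the two zero-padded buffers, then scrub both on every path,
   match or mismatch. Returns 1 on match, 0 otherwise. */
int verify_and_scrub(char *input, char *pin, size_t size)
{
    int ok = (memcmp(input, pin, size) == 0);
    scrub(input, size);
    scrub(pin, size);
    return ok;
}

/* Hypothetical driver: bit 0 = PIN matched, bit 1 = both buffers clean. */
int demo(const char *stored, const char *typed)
{
    char pin[BUF_SIZE] = {0}, input[BUF_SIZE] = {0};
    snprintf(pin, sizeof pin, "%s", stored);
    snprintf(input, sizeof input, "%s", typed);
    int ok = verify_and_scrub(input, pin, BUF_SIZE);
    int clean = is_zeroed(pin, BUF_SIZE) && is_zeroed(input, BUF_SIZE);
    return ok | (clean << 1);
}

int main(void)
{
    /* Constructed sample PINs: 3 = matched and clean, 2 = rejected and clean. */
    printf("%d %d\n", demo("12345", "12345"), demo("12345", "54321"));
    return 0;
}
```

Scrubbing on the mismatch path matters as much as on the match path, since a rejected attempt still leaves the real PIN in the buffer.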
