c++ - how to show enter password in the form of Asterisks(*) on terminal -
i want write simple c
program verify password
, example if password equal 1234 want print welcome else try again. problem follows:
i want display enter password in form of *
(star). for example..if user enter 1234 appear ****
avoid other person see entered password.
can give me idea how achieve using c or c++. platform : unix
the solution platform-specific, unfortunately.
on linux or bsd, can use readpassphrase function (there getpass, though suffers not allowing buffer , buffer size provided caller. documentation gnu lib c (link broken? try this alternative instead) library provides excellent guide on how implement in terms of lower level termios primitives, can use on other unix implementations in lieue of getpass).
on windows, can use setconsolemode disable default echoing behavior (and echo own characters such asterisk). use setconsolemode restore echoing.
i should add, however, poor form of authentication involves yet more passwords bane of every user's existence (and not particularly secure, either). better approach start webserver in application , output url on user should authenticate. advantage approach that, when user navigates url, url can support delegated login third party identity providers such google, facebook, twitter, etc. if don't support third party identity providers, approach comes other benefits; if have other web-based tools, approach reduces number of times user must authenticate (since commandline tool , web based tools share same browser session) , allows implement login flow once, approach mitigates phishing risks (users can plainly see host in browser when enter credentials compared entering credentials on commandline easier spoof prompt, , if redirect localhost @ last step majority of logic on remote host approach allows updates authorization flow deployed independently of client commandline application has important security benefits. being said, web based login such not right approach. worth looking alternative authentication mechanisms such libpam (under libpam, use function pam_authenticate authenticate user rather taking password input directly). it's worth investing research determine best mechanism particular use case.
Comments
Post a Comment