i want to use "plink.exe -u username -pw securepassword" on my windows visual c++ program. will username and password remain safe while calling this command? I mean can a hacker steal or sniff the username and password? (consider hacker can't get to the password directly from the exe file)
A:
Does the hacker somehow have access to memory but not the executable? He could certainly pull it from memory, but it's hard to know what security problems you're facing without knowing the actual situation
Michael Mrozek
2010-04-16 15:41:48
just think it this way. that usename and password is an admin account on my server! so id the hack somehow can get his hand on that username and password, well i would say the server would be lost.
EBAGHAKI
2010-04-16 15:45:05
Yeah, I understood your concern, I meant without knowing what kind of access the "hacker" has it's hard to say what problems you need to worry about
Michael Mrozek
2010-04-16 17:21:29
+1
A:
If I had access to plink.exe (presumably running on the local box) then I could replace it with a Trojan version that logged your user/pass - but still otherwise worked as normal. Its potentially a bad idea, but then again, if I have access to the box then all bets are off.
PaulG
2010-04-16 15:49:25
lol, yeah you are pretty much right! the case dismissed! You just need to replace plink with an application to catch the parameters!
EBAGHAKI
2010-04-16 15:54:49