views:

145

answers:

3

i want to use "plink.exe -u username -pw securepassword" on my windows visual c++ program. will username and password remain safe while calling this command? I mean can a hacker steal or sniff the username and password? (consider hacker can't get to the password directly from the exe file)

A: 

Does the hacker somehow have access to memory but not the executable? He could certainly pull it from memory, but it's hard to know what security problems you're facing without knowing the actual situation

Michael Mrozek
just think it this way. that usename and password is an admin account on my server! so id the hack somehow can get his hand on that username and password, well i would say the server would be lost.
EBAGHAKI
Yeah, I understood your concern, I meant without knowing what kind of access the "hacker" has it's hard to say what problems you need to worry about
Michael Mrozek
+2  A: 

Use SSH Keys so your program does not have to use a password directly. Even if the hacker can sniff the username, a strong password should prevent an attack.

Matt
+1  A: 

If I had access to plink.exe (presumably running on the local box) then I could replace it with a Trojan version that logged your user/pass - but still otherwise worked as normal. Its potentially a bad idea, but then again, if I have access to the box then all bets are off.

PaulG
lol, yeah you are pretty much right! the case dismissed! You just need to replace plink with an application to catch the parameters!
EBAGHAKI