如何在终端以星号(*)的形式显示输入密码 [英] how to show enter password in the form of Asterisks(*) on terminal
问题描述
我想写一个简单的C程序来验证password,例如如果password等于1234 那么我想打印 欢迎 否则 再试一次.但问题如下:
I want to write a simple C program to verify the password, for example if password is equal to 1234 then i want to print Welcome else try again. But the problem is as follows:
我想以*(star)的形式显示输入密码.例如..如果用户输入 1234 它将显示为 **** 以避免其他人看到输入的密码.
I want to display enter password in the form of *(star).
for example..if user will enter 1234 it will appear as **** to avoid other person to see the entered password.
谁能告诉我如何使用 c 或 c++ 实现它.平台:UNIX
Can anyone give me a idea how to achieve it using c or c++. Platform : UNIX
推荐答案
不幸的是,解决方案是特定于平台的.
The solution to this is platform-specific, unfortunately.
在 Linux 或 BSD 上,您可以使用 readpassphrase 功能(还有 getpass,尽管它不允许调用者提供缓冲区和缓冲区大小.GNU Lib C 的文档(链接损坏?尝试 <一个 href="http://www.gnu.org/software/libc/manual/html_mono/libc.html#getpass" rel="nofollow">这个替代方案)库也提供了一个很好的指南,说明如何自己根据较低级别的 termios 原语实现这一点,您可以在其他 UNIX 实现中使用它来代替 getpass).
On Linux or BSD, you can use the readpassphrase function (there is also getpass, though it suffers from not allowing the buffer and buffer size to be provided by the caller. The documentation for the GNU Lib C (link broken? try this alternative instead) library also provides an excellent guide on how to implement this yourself in terms of the lower level termios primitives, which you can use on other UNIX implementations in lieue of getpass).
在 Windows 上,您可以使用 SetConsoleMode 禁用默认回显行为(从而回显您自己的字符,例如星号).然后您可以使用 SetConsoleMode 来恢复回声.
On Windows, you can use SetConsoleMode to disable the default echoing behavior (and thus echo your own characters such as the asterisk). You could then use SetConsoleMode to restore the echoing.
然而,我应该补充一点,这是一种非常糟糕的身份验证形式,因为它涉及更多密码,这些密码是每个用户存在的祸根(而且也不是特别安全).更好的方法是在您的应用程序中启动一个网络服务器并输出用户应在其上进行身份验证的 URL.这种方法的优点是,当用户导航到此 URL 时,该 URL 可以支持委托登录到第三方身份提供商,例如 Google、Facebook、Twitter 等.即使您不支持第三方身份提供商,这种方法还有其他好处;如果您有其他基于 Web 的工具,则此方法减少了用户必须进行身份验证的次数(因为命令行工具和基于 Web 的工具将共享相同的浏览器会话)并允许您仅实现一次登录流程,此方法还降低了网络钓鱼风险(用户在输入凭据时可以在浏览器中清楚地看到主机,而在命令行上输入凭据则更容易欺骗提示,如果您只在最后一步重定向到 localhost 但执行远程主机上的大多数逻辑 这种方法还允许独立于客户端命令行应用程序部署授权流的更新,这具有重要的安全优势.也就是说,像这样的基于 Web 的登录并不总是正确的方法.还值得研究替代身份验证机制,例如 libpam(在 libpam 下,您将使用函数 pam_authenticate 来验证用户而不是直接将密码作为输入).值得进行一些研究,以确定适合您的特定用例的最佳机制.
I should add, however, that this is a very poor form of authentication as it involves yet more passwords which are the bane of every user's existence (and not particularly secure, either). A better approach is to start a webserver in your application and output the URL on which the user should authenticate. The advantage to this approach is that, when the user navigates to this URL, that URL can then support delegated login to third party identity providers such as Google, Facebook, Twitter, etc. Even if you don't support third party identity providers, this approach comes with other benefits; if you have other web-based tools, this approach reduces the number of times that the user must authenticate (since the commandline tool and web based tools will share the same browser session) and allows you to implement the login flow only once, this approach also mitigates phishing risks (users can plainly see the host in the browser when they enter their credentials compared to entering credentials on the commandline where it is much easier to spoof a prompt, and if you only redirect to localhost at the last step but do the majority of the logic on a remote host this approach also allows updates to the authorization flow to be deployed independently of the client commandline application which has important security benefits. That being said, a web based login such as this is not always the right approach. It is also worth looking into alternative authentication mechanisms such as libpam (under libpam, you would use the function pam_authenticate to authenticate the user rather than taking the password as input directly). It's worth investing some research to determine the best mechanism for your particular use case.
这篇关于如何在终端以星号(*)的形式显示输入密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
