如何显示星号的形式输入密码(*)端子 [英] how to show enter password in the form of Asterisks(*) on terminal
问题描述
我想写一个简单的 C 程序,以确认密码,例如,如果密码等于 1234 ,然后我想打印的欢迎其他的重试即可。但问题是,如下所示:
I want to write a simple C program to verify the password, for example if password is equal to 1234 then i want to print Welcome else try again. But the problem is as follows:
我要显示的表单中输入密码 * (星 )。
例如: ..如果用户输入1234,它将显示为 **** 来避免其他人看到输入的密码。
I want to display enter password in the form of *(star).
for example..if user will enter 1234 it will appear as **** to avoid other person to see the entered password.
谁能给我一个想法如何使用C或C来实现它++。
的平台:UNIX 的
Can anyone give me a idea how to achieve it using c or c++. Platform : UNIX
推荐答案
此解决方案是特定于平台的,很遗憾。
The solution to this is platform-specific, unfortunately.
在Linux或BSD,您可以使用 readpassphrase 功能(也有< A HREF =http://linux.die.net/man/3/getpass相对=nofollow>将getpass ,虽然它从不允许缓冲遭受和被调用者提供的大小的缓冲区。对于 GNU库ç(链接的文件坏了?试试< A HREF =http://www.gnu.org/software/libc/manual/html_mono/libc.html#getpass相对=nofollow>这种替代代替)库还提供了关于如何的优秀导游这在较低的水平termios的原语,您可以在将getpass的lieue)对其他UNIX实现使用方面实施自己。
On Linux or BSD, you can use the readpassphrase function (there is also getpass, though it suffers from not allowing the buffer and buffer size to be provided by the caller. The documentation for the GNU Lib C (link broken? try this alternative instead) library also provides an excellent guide on how to implement this yourself in terms of the lower level termios primitives, which you can use on other UNIX implementations in lieue of getpass).
在Windows中,可以使用的 SetConsoleMode 禁用默认呼应行为(从而呼应自己的字符,如星号)。然后,您可以使用SetConsoleMode恢复呼应。
On Windows, you can use SetConsoleMode to disable the default echoing behavior (and thus echo your own characters such as the asterisk). You could then use SetConsoleMode to restore the echoing.
我要补充然而,这是验证一个非常贫穷的形式,因为它涉及了更多的密码这是每个用户的存在的祸根(并没有什么特别的安全,无论是)。更好的方法是在你的应用程序和输出上,用户应验证URL启动Web服务器。这种方法的好处是,当用户浏览到这个网址,该网址就可以支持委托登录到第三方身份提供商如谷歌,Facebook,Twitter等即使你不支持第三方身份提供者,这种做法带有其他利益;如果你有其他基于Web的工具,这种做法减少了用户必须验证(因为命令行工具和基于Web的工具将共享相同的浏览器会话)的次数,并允许您只执行一次的登录流程,这种方法还能够减轻网络钓鱼的风险(用户可以清楚地看到主机在浏览器中时,他们相比于它是很容易欺骗提示命令行输入凭据输入他们的凭据,如果你只重定向在最后一步为localhost,但做大多数远程主机上的逻辑,该方法还允许更新授权流程进行独立具有重要的保障福利的客户端命令行应用的部署。话虽这么说,一个基于Web的登录,如这不总是正确的方法。这也是值得探讨的替代身份验证机制,如libpam可以(在libpam可以,你可以用函数 pam_authenticate < /一>来验证用户,而不是直接服用密码作为输入)。这是值得投资的一些研究,以确定最佳的机制,为您的特定使用案例。
I should add, however, that this is a very poor form of authentication as it involves yet more passwords which are the bane of every user's existence (and not particularly secure, either). A better approach is to start a webserver in your application and output the URL on which the user should authenticate. The advantage to this approach is that, when the user navigates to this URL, that URL can then support delegated login to third party identity providers such as Google, Facebook, Twitter, etc. Even if you don't support third party identity providers, this approach comes with other benefits; if you have other web-based tools, this approach reduces the number of times that the user must authenticate (since the commandline tool and web based tools will share the same browser session) and allows you to implement the login flow only once, this approach also mitigates phishing risks (users can plainly see the host in the browser when they enter their credentials compared to entering credentials on the commandline where it is much easier to spoof a prompt, and if you only redirect to localhost at the last step but do the majority of the logic on a remote host this approach also allows updates to the authorization flow to be deployed independently of the client commandline application which has important security benefits. That being said, a web based login such as this is not always the right approach. It is also worth looking into alternative authentication mechanisms such as libpam (under libpam, you would use the function pam_authenticate to authenticate the user rather than taking the password as input directly). It's worth investing some research to determine the best mechanism for your particular use case.
这篇关于如何显示星号的形式输入密码(*)端子的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
