Login GUI security issue.

buer on 19 Mar 2015
Commented: Sean de Wolski on 19 Mar 2015
Hi,
I am using one API from http://www.mathworks.com/matlabcentral/fileexchange/8499-login. Then I need to pass the username and password to my HTTP server. So my question is: is it safe to use this for login? Where are those parameters saved during processing? I cannot see them in the workspace; does that mean they do not exist at all? I just want to make sure the information will not leak in any case. Thanks.
  1 Comment
buer on 19 Mar 2015
Does anyone know how to clear the username and password before saving anything so that no one can get hold of your information? http://www.mathworks.com/matlabcentral/fileexchange/8499-login I need it to be secure... any help please.


Accepted Answer

Guillaume on 19 Mar 2015
"I need it to be secure"
That's kind of meaningless. Secure against what? NSA-style spying? Casual over-the-shoulder snooping? Who is the adversary?
As far as I know, MATLAB does not make any claim as far as security goes, and does not offer any facility to make the storing of a password secure, even temporarily.
The login GUI that you've linked also does not make any attempt to secure the password other than obscuring it in the dialog. In particular, the password is returned as plain text.
MATLAB also stores it as plain text in memory and does not offer features to store it in secure memory or scrub it afterward. So, a memory dump of the machine could reveal the password.
The password may not appear in the workspace at the end of your code, but it certainly was in the workspace of your function while it ran. Anybody with access to MATLAB could override a number of built-in functions to capture your password, or issue debugging commands to stop your program and see the value of the password. It is trivial to capture the workspace variables of any function.
In brief, if you do want security, do not use MATLAB but use software dedicated to that and leave it to cryptography experts. Note: I am not an expert at all.
Also know that an attacker determined enough could just capture the password as you type it from the vibration of your keyboard transmitted to your desk, or could reconstruct the memory content of your computer even after it's been turned off.
  3 Comments
Guillaume on 19 Mar 2015
If you use MATLAB as the user interface to prompt for the password or to transmit the password, then I believe that you cannot prevent a determined attacker from getting it from memory. At one point or another it will have to be stored in plain text in a function workspace.
I think the best course of action for you is to use that File Exchange login GUI, which will prevent somebody shoulder surfing from seeing the password, and accept that an attacker with access to your machine and enough determination can retrieve your password.
Any scheme that you could dream up to secure that password in MATLAB is bound to be full of holes and will only give you a false sense of security.
Sean de Wolski on 19 Mar 2015
But finding those holes could be a fun question on Answers, Guillaume!
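
The accepted answer notes that anybody with access to MATLAB could override built-in functions to capture the password. As an added example (not part of the original thread or of the File Exchange submission), the hypothetical helper `check_shadowed` below reports when a function the login code calls resolves to a file outside `matlabroot`; the default name list is an assumption, and the check covers path shadowing only, not memory dumps or debugger access.

```matlab
function report = check_shadowed(names)
%CHECK_SHADOWED Flag functions whose highest-precedence match is not shipped.
%   Hypothetical helper written for this example. NAMES is a cell array of
%   the function names your login code calls while it holds the password.
    if nargin < 1
        % Assumed call list for a prompt-then-HTTP flow; adjust to your code.
        names = {'inputdlg', 'webwrite', 'weboptions', 'urlread', 'clear'};
    end
    root = [matlabroot filesep];      % trailing separator avoids prefix tricks
    cmp = @strncmp;
    if ispc
        cmp = @strncmpi;              % Windows paths are case-insensitive
    end
    report = struct('name', {}, 'resolved', {}, 'shadowed', {});
    for k = 1:numel(names)
        hits = which(names{k}, '-all');   % cell array, highest precedence first
        if isempty(hits)
            resolved = '';
            shadowed = false;             % not on the path in this release
        else
            resolved = hits{1};           % this is what a call would run
            % Built-ins are reported as "built-in (<path>)"; shipped files
            % live under matlabroot. Anything else wins over the shipped copy.
            shipped = strncmp(resolved, 'built-in', 8) || ...
                      cmp(resolved, root, numel(root));
            shadowed = ~shipped;
        end
        report(end+1) = struct('name', names{k}, ...
                               'resolved', resolved, ...
                               'shadowed', shadowed); %#ok<AGROW>
        if shadowed
            warning('check_shadowed:shadow', ...
                    '%s resolves to %s, outside %s', names{k}, resolved, root);
        end
    end
end
```

Run it from the same folder and path configuration as the login code, immediately before prompting, since the current folder takes precedence over the shipped toolbox folders.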


More Answers (0)
