Question

Question 1. The following code asks the user to enter the password and check it with...

Question 1. The following code asks the user to enter the password and check it with the pre-defined password that stored in the system. If the entered password is correct, it will authenticate the user to log-in into the account, otherwise reject!

  1. Analyze the following code, how it works?
  2. Do you think this code is safe? Justify?
  3. Try to overwrite this code and report the outputs?
  4. Define any vulnerabilities in this code if exist?
  5. What we can do to make this code more secure? Justify by writing a secure version of this code.

#include <stdio.h>

#include <string.h>

#include <stdbool.h>

int main(void)

{

    char buff[8];

    bool pass = true ;

    printf("\n Enter the password : \n");

    gets(buff);

        if(strcmp(buff, "admin") ==0)

    {

        printf ("\n Correct Password \n");

        pass = true;

    }

    else

    {

        printf ("\n Wrong Password \n");

        pass = false;

        

    }

    if(pass)

    {

       /* authorized the user*/

        printf ("\n Permission is given to the user \n");

    }

    return 0;

}

Engineering   Computer-Science   
0 0
Add a commentTranscribed image text
Next >

Homework Answers

Answer #1

a.

In the given code, firstly the system prompts the user to enter the password.

It then waits for the user to enter the password and press the enter key in the keyboard, the entered string is stored in the 'buff' array.

Then the string entered by the user is compared with "admin", using the strcmp() function.

If the comparison results in identical strings, then the strcmp() function returns 0, else it returns a non-zero value.

If 0 is returned, then message is displayed as "Correct Password", and the value of the boolean variable 'pass' is set to true.

If 1 is returned, then the message is displayed as "Wrong Password", and the value of variable 'pass' is set to false.

Now, only if the value of the variable 'pass' is true, then the message "Permission is given to the user" is displayed.

In this way, the code works.

b.

The code is not safe, because this code restricts the password to be only 8 characters. Now even though 8 characters are more than enough for a strong password, still that acts as a restriction in the code.

Also, the password is set to "admin". Now, whoever may be the user, the password will be same for all as "admin".

Had it asked for the username also, then it would had been an additional security.

c.

The code can be overwritten as follows:

#include <stdio.h>

#include <string.h>

#include <stdbool.h>

int main(void)

{

    char buff[8];

    printf("\n Enter the password : \n");

    gets(buff);

        if(strcmp(buff, "admin") ==0)

    {

        printf ("\n Correct Password \n");

/* authorized the user*/

        printf ("\n Permission is given to the user \n");

    }

    else

    {

        printf ("\n Wrong Password \n");

        pass = false;

    }

return 0;

}

d.

The most important vulnerability in the code is the fact any user can access the system with the same password. And also, the limitation to the length of password adds to the vulnerability list. Even if the user tries to enter more than 8 characters, still only the first 8 characters will be taken and compared, and anyways will lead to wrong password message.

e.

The code can be made more secured, if there are different username and different passwords for different users.

An example for three different users can be as follows. But still using a database would be a better option. Still making the given code more secure will be as follows:

int main(void)

{

    char buff[8],username[8];

   

printf("\n Enter the username : \n");

    gets(username);

printf("\n Enter the password : \n");

    gets(buff);

        if((strcmp(username,"user1")&&strcmp(buff, "admin1") ==0)||(strcmp(username,"user2")&&strcmp(buff, "admin2") ==0)||(strcmp(username,"user3")&&strcmp(buff, "admin3") ==0))

    {

        printf ("\n Correct Password \n");

/* authorized the user*/

        printf ("\n Permission is given to the user \n");

    }

    else

    {

        printf ("\n Wrong Password \n");

        pass = false;

    }

return 0;

}

0 0
Know the answer?
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Log In

Sign Up

Not the answer you're looking for?
Ask your own homework help question
Similar Questions
Question 3. In the following code, answer these questions: Analyze the code and how it works?...
Question 3. In the following code, answer these questions: Analyze the code and how it works? How can we know if this code has been overwritten? Justify how? #include <stdlib.h> #include <unistd.h> #include <stdio.h> int main(int argc, char **argv) { int changed = 0; char buff[8]; while (changed == 0){ gets(buff); if (changed !=0){ break;} else{     printf("Enter again: ");     continue; } }      printf("the 'changed' variable is modified\n %d", changed); }
I am to create three different versions of the following C program code below that implements...
I am to create three different versions of the following C program code below that implements the conversion of unsigned binary numbers into decimal (Base 2 to Base 10 conversion). Version 1: Complete the C program ”bin2dec ver1.c” that implements binary to decimal conversion. The maximum number of binary bits is 32. The program is made of the functions ”unsigned binary to decimal(const char *str)”and ”main”. The parameter ”str” passed to this function points to a C string comprising only...
C Code! dictionary.c, start by downloading the boilerplate1 code from Blackboard. Read the code, then complete...
C Code! dictionary.c, start by downloading the boilerplate1 code from Blackboard. Read the code, then complete it at all places indicated by TODO. For this second assignment, you do not receive precise specifications. This is on purpose: in the software industry, you’ll find a lot of cases when you need to finish code started by others, while not being given precise instructions on how the code works or is supposed to work. The comments in the code will help you,...
"C language" Take this code and make the minor modification necessary to create a circular linked...
"C language" Take this code and make the minor modification necessary to create a circular linked list (Hint: Store a pointer to the first node in the next pointer of the last node.) Demonstrate that this is working by traversing the list until the first pointer is encountered 3 times. Next redefine the node structure to include a back pointer. This will enable your program to move from front to back and then from back to front. It is not...
C CODE PLZ! All instructions are in sections of code #include <stdio.h> /* TODO: Define 3...
C CODE PLZ! All instructions are in sections of code #include <stdio.h> /* TODO: Define 3 functions input, gcd and lcm in such a way that the main function below compiles correctly and has the correct behavior. The input function prompts the user to enter a non-negative integer. If the user enters a negative integer, the function prints a "sorry" statement and prompts the user again. It keeps on prompting until the user enters a non-negative number. The input function...
Please answer the following C question: There is a documented prototype for a function called get_a_line...
Please answer the following C question: There is a documented prototype for a function called get_a_line in the code below. Write a definition for get_a_line—the only function called from that definition should be fgetc. #include <stdio.h> #include <string.h> #define BUFFER_ARRAY_SIZE 10 int get_a_line(char *s, int size, FILE *stream); // Does what fgets does, using repeated calls to fgetc, but // provides a more useful return value than fgets does. // // REQUIRES // size > 1. // s points to...
Can someone please edit my code so that it satisfies the assignments' requirements? I pasted the...
Can someone please edit my code so that it satisfies the assignments' requirements? I pasted the codes below. Requirement: Goals for This Project:  Using class to model Abstract Data Type  OOP-Data Encapsulation You are asked to write an app to keep track of a relatively small music library. The app should load song information from a data file once the app is started. It should allow user to view, add, remove, and search for songs. The app should...
Please answer the following C question: Read the following files called array-utils5A.c and array-utils5A.h. Build an...
Please answer the following C question: Read the following files called array-utils5A.c and array-utils5A.h. Build an executable with gcc -Wall -DUNIT_TESTS=1 array-utils5A.c The definitions for is_reverse_sorted and all_different are both defective. Rewrite the definitions so that they are correct. The definition for is_alternating is missing. Write a correct definition for that function, and add unit tests for it, using the unit tests for is_reverse_sorted and all_different as models. Please explain the logic errors present in in the definition of is_reverse_sorted...
Using the C programming language implement Heapsort in the manner described in class. Here is some...
Using the C programming language implement Heapsort in the manner described in class. Here is some example code to use as a guideline. Remember, you need only implement the sort algorithm, both the comparison and main functions have been provided. /* * * after splitting this file into the five source files: * * srt.h, main.c, srtbubb.c, srtinsr.c, srtmerg.c * * compile using the command: * * gcc -std=c99 -DRAND -DPRNT -DTYPE=(float | double) -D(BUBB | HEAP | INSR |...
Description The word bank system maintains all words in a text file named words.txt. Each line...
Description The word bank system maintains all words in a text file named words.txt. Each line in the text file stores a word while all words are kept in an ascending order. You may assume that the word length is less than 20. The system should support the following three functions: Word lookup: to check whether a given word exists in the word bank. Word insertion: to insert a new word into the word bank. No insertion should be made...
ADVERTISEMENT
Need Online Homework Help?

Get Answers For Free
Most questions answered within 1 hours.

Ask a Question
ADVERTISEMENT