Clear VB variable
I want to clear VB variable (e.g password string) so that no one can brow application memory to find out it's value.
Software/Hardware used:
Software/Hardware used:
ASKED:
May 12, 2004 10:59 PM
UPDATED:
May 19, 2004 10:09 AM
Answer Wiki:
Probably one way would be to reset the variable to a default value after the initial processing.
To see all answers submitted to the Answer Wiki: View Answer History.
Please answer clearly. I’ve tried to set string variable to null; use array and “erase” it but nothing help.
Suppose your variable is x.
Then you should write
set x= nothing
in the Form_Unload event
If I get this straight, tuanna wants that “no one can brow(se) application memory to find out (its) value”, so I guess that tuanna may handle “unintelligible” values from the very beginning… if you encrypt your input before comparing it with the encrypted input you saved from the registration form (or whatever), then you validate that input without giving it away to a memory scavenger (hey, I like this term) except for the time that the user is typing it down before pressing Enter. If you combine this with a text box that does not echo its input, then you make it hard to sniff the input unless you can tap the keyboard cord.
set s = nothing will not work for a string variable, only an object reference.
Note that even if s were an object reference, Set s = nothing, would not guarantee the object s points would be destroyed as it is merely a pointer. If another pointer was set to the object the object would not be destroyed. It only gets destroyed when its pointer count reaches 0.
Use s = “” to reset the variable or use some form of encryption as suggested in the previous post.
Hi every body!
The command x=”" is the same as x=vbNullString. I’ve tried it but the problem still remains. You can try yourself (all of you).
The idea of encryption is good but does not help. I still want to protect the original value from compromised. I need some thing like memset in C.
From your question, I’m not quite clear if you are using VB6 or VB.Net. Some of us get questions for both…
1. If you are using VB.Net, you would want to check out the StringBuilder object. Basically with the StringBuilder you are working with the string buffer. You can just clear it and be done.
2. If you are using VB6, I believe that Mid$ should do the job (i.e., clear the actual string in the buffer, and not just set up a new one and change the reference):
Sub TestBufferClear()
Dim strSecret As String: strSecret = “My Secret”
Mid$(strSecret, 1, Len(strSecret)) = Space(Len(strSecret))
Debug.Print (strSecret)
End Sub
Can you MD5 hash it and then compare the hashes instead of working with the cleartext password?