Please answer clearly. I’ve tried to set string variable to null; use array and “erase” it but nothing help.
Suppose your variable is x.
Then you should write
set x= nothing
in the Form_Unload event
If I get this straight, tuanna wants that “no one can brow(se) application memory to find out (its) value”, so I guess that tuanna may handle “unintelligible” values from the very beginning… if you encrypt your input before comparing it with the encrypted input you saved from the registration form (or whatever), then you validate that input without giving it away to a memory scavenger (hey, I like this term) except for the time that the user is typing it down before pressing Enter. If you combine this with a text box that does not echo its input, then you make it hard to sniff the input unless you can tap the keyboard cord.
set s = nothing will not work for a string variable, only an object reference.
Note that even if s were an object reference, Set s = nothing, would not guarantee the object s points would be destroyed as it is merely a pointer. If another pointer was set to the object the object would not be destroyed. It only gets destroyed when its pointer count reaches 0.
Use s = “” to reset the variable or use some form of encryption as suggested in the previous post.
Hi every body!
The command x=”" is the same as x=vbNullString. I’ve tried it but the problem still remains. You can try yourself (all of you).
The idea of encryption is good but does not help. I still want to protect the original value from compromised. I need some thing like memset in C.
From your question, I’m not quite clear if you are using VB6 or VB.Net. Some of us get questions for both…
1. If you are using VB.Net, you would want to check out the StringBuilder object. Basically with the StringBuilder you are working with the string buffer. You can just clear it and be done.
2. If you are using VB6, I believe that Mid$ should do the job (i.e., clear the actual string in the buffer, and not just set up a new one and change the reference):
Dim strSecret As String: strSecret = “My Secret”
Mid$(strSecret, 1, Len(strSecret)) = Space(Len(strSecret))
Can you MD5 hash it and then compare the hashes instead of working with the cleartext password?