.Open CSci202 Laboratory 09 Information Security . Goal We revisit the password and login problem and learn how to hide the passwords so they are not so easy to read. This reviews inheritance and file handling (Chapter 17) with seek, tell, read, write, and other direct access file functions in C++. This lab also shows you how write C++ programs for Command Line Interfaces. . Given Use the text book to review file handling. You need your working lab04main.cpp and buffer04.h files. Compile and rerun lab04main. Use the `strings` program on the compiled program .As_is strings lab04main (or perhaps .As_is strings a.out ) Can you find my name and `my password` in the listing? This is not secure! I will be giving you a new `SecureBuffer` class that encrypts its data as it constructs the buffer. `SecureBuffer` is derived from `Buffer`. .As_is class SecureBuffer: public Buffer {...} .See http://www/dick/cs202/SecureBuffer.h Plus a test program for it .See http://www/dick/cs202/tSecureBuffer.cpp I will also be giving you some outlines for the programs that you will need to complete. . Deliverables A set of test programs, handling passwords and names with a minimal degree of security. A working set of main programs that uses an extended Secure Buffer class that lets an administrator administer them and a user change them more securely. Here is a summary of the complete system from the point of view of the two types of user. .Image lab06.gif [Use case diagram of lab work] I drew this to help me design the programs you will be working with below. .Open Process You may have to change .See ./buffer04.h so that SecureBuffer has access to Buffer's private data (but nobody else has). Make this fix, if needed, and compile and rerun lab04main.cpp to test. The next `little` change is to remove an experimental "throw" inside the "operator[]" function. Instead it should return the null character: .As_is return '\0'; for index that are negative or greater than len. Leave the others untouched. .Set Adding an exception seemed like a good idea at the time. .Close.Set Again make this change and test. You can now compile and test SecureBuffer via tSecureBuffer.cpp. Here is a working program called 'list' .See http://www/dick/cs202/list.cpp This is complete. Use it to test your code. It shows you how to read the data in a file called `passwd` that doesn't exist yet. You can use it later to check the content of the `passwd` file. Your first task is to get this to work with your SecureBuffer. Here .See http://www/dick/cs202/passwd you can download a ready made testfile. The Unix command .As_is od -c passwd will show you the characters inside `passwd` including the unprintable ones in the encrypted data. The next program is named 'add' and places a name and an encrypted password into a special binary file `passwd`. Here is an example of a run: .As_is add botting 1234567 User Ids (botting above) are placed in a file with no encryption. The password is encrypted in `add` and then stored the direct access file called .As_is passwd Here is the code.... with some key parts replaced by /*******/: .See http://www/dick/cs202/add.cpp You task is to figure out what I removed and replace it so that the program works again. Third: a working program that deletes data from the passwd file. Here is the code.... with some key parts replaced by /*******/: .See http://www/dick/cs202/del.cpp Fix it. Last: A working program that uses `shadow` and `passwd` to authenticate logins. After logging in the user can change their password. Here is the code.... with some key parts replaced by /*******/: .See http://www/dick/cs202/use.cpp Grading: the more steps you complete... the more point. .Close Process . Prologue -- Are we there yet NO! It takes even more paranoia to fix our password system. Look at this .See http://www.codinghorror.com/blog/archives/001263.html .See http://www.codinghorror.com/blog/archives/001267.html issues of the Coding Horror blog to learn the evil in hacker's hearts. .Close CSci202 Laboratory 09 Information Security