It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
Hi I'm on my internship and my company told me that I've to implement password complexity using C language. The password must be Alpha numeric (eg h#ll0). Since I'm new to C , I found some difficulty. I google "password complexity in C " but no luck there. Can someone gave me some sample or explain me how to do it programmatically.
Thanks a lot in advance
Kevin
A better Google term would be "strong password":
http://en.wikipedia.org/wiki/Password_strength
But most of the articles you will find will not be for the C language, and they will probably suggest using a regular expression.
It would probably not be too hard to write your own low-level code to do the check as others have suggested. That would save you the trouble of generating a dependency on some C-language regular expression library to use. However, there is an advantage in using a regular expression because it means that non-C programmers would have a better chance at updating the rule at a later date, and it may make errors less likely to boot. It depends on your particular situation.
(Also, if other parts of your C code need regular expressions, then linking one in might be something you're going to need to do anyway and you'd get it "for free"...)
In any case, this StackOverflow question has a link to a regex.h tutorial, and more may be added to it in the future:
C - pellucid regex.h use tutorial
You don't provide enough information. By password complexity I assume you mean password strength.
I'm not in the business of writing code for someone, but if what you're looking to do is determine whether or not a password contains both a letter and a number, is at least n characters long, etc., C has functions you can do this with. isalnum(), isdigit(), and isalpha() come to mind for testing. These all return nonzero values to indicate true.
In terms of speed, C is fast on its own but remember with these that there is no need to parse the entire password -- all you need is for the function to return a nonzero value at some point. (All of these functions parse by character; C strings are char arrays.)
http://icecube.wisc.edu/~dglo/c_class/charfunc.html This is a good little reference for character parsing functions.
It depends on how the password is encoded, you may need an ASCII character chart or a unicode character chart. For each character in the input password, categorize it into groups number, uppercase letter, lowercase letter or special characters and so on.
here are the links to the tables:
http://www.asciitable.com/
http://www.tamasoft.co.jp/en/general-info/unicode.html
Related
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
In C I have noted that pointers result in faster program execution. How is it possible, as it must fetch the pointer variable before going to the actual variable?
Pointers don't result in faster program execution. Smart algorithms result in faster program execution. Sometimes algorithms can be made smarter by using pointers in the right way. Pointers are never a magic wand to throw at problems to make the solutions faster.
Pointers are just a design paradigm though, using functional programming you do not use any pointers at all.
This is not true. The reason for faster program execution is not the availablility of pointers. It's a question of what you do with the pointers. The (possibly) faster program execution yields from the fact that no hidden functionality is introduced with C.
Take a string for example. Common implementations in other languages introduce a length field along with the string in order to keep track of the length of the string. This "bookkeeping" (although hidden from the programmer) causes extra cycles to be executed.
Another example is the fact that C does not check if the pointer you are dereferencing is valid or not. This evaluation would also cost extra cycles.
The C standard does not specify any required speed, so it doesn't make sense to attribute speed to features of C. Consider that some C implementations produce more optimal machine code than others, and it might make more sense to attribute speed to aspects of specific implementations of C1. Don't confuse implementation and specification.
1: To make a meaningful comparison of the speed of specific implementations of C, you'd probably want to mention your OS (major and minor version), your compiler (major and minor version), your CPU (model), mainboard, memory (model and configuration) and the command line arguments you used.
While I am aware every answer to the question come from people far more knowledgeable than me in C (and I am out of my league actually), IMVHO and/or limited knowledge, pointers do improve efficiency.
To answer the OP's question (and ignoring the rest about program execution and fetching):
How can pointers improve program efficiency?
By avoiding duplication of data. Although this efficiency may only be notable when dealing with user-defined variables, "structures".
Here is a nice read I found on C pointers: Why C has Pointers
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
What are the security breaches possible ? or any attacks?
Which argument of the printf function?
printf("%s\n", untrusted_string); is mostly OK, although if output is going to a terminal, and if the terminal responds to control codes, then it potentially could mess up the terminal settings beyond all recognition.
Obviously it also gets interesting when the output of your program is going to be used as executable code. It may not always be obvious to you that it is. For example, suppose you write a program that scans your web server logs and produces an HTML report listing all the URLs visited. Suppose further that I visit http://example/<script>...</script>. I get an error message, but the URL is still logged. If you've printed the input without modification, then you might be in for an educational evening when you review your report files. The user input needs to be sanitized somewhere along the line.
Echoing data that the user has supplied, back the same user, is somewhat safer. However, again in a web context, XSRF attacks are a common technique -- you might think that your users wrote the input themselves, when really they didn't, and so actually you're echoing some attacker's data back to the user. The same could apply even in command-line programs -- if the user supplies a file as a command-line argument, but the file (like my server log above) was written by an attacker, then printing parts of that file back to the user potentially has consequences the user never intended.
None of which is necessarily a reason not to do it. As ever in security, you can't say whether a particular action "is" or "isn't" secure, because it depends on the context in which that action occurs.
printf(untrusted_string); is definitely no good, since the string supplied might be "%s", with undefined behavior. You might think to yourself, "oh, well, it only reads where it shouldn't, what harm can that possibly do?" In which case you will eventually join the long list of people who've been surprised at the ingenuity which attackers show in combining multiple bugs to create a workable attack. Reading where you shouldn't clearly can lead to DoS, but also in combination with other issues could leak sensitive information.
A buffer overflow attack. See http://en.wikipedia.org/wiki/Buffer_overflow
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
Is there any kind of file format that can't be described by BNF?
No, BNF isn't sufficient. BNF describes context-free grammars, which aren't even close to all imaginable grammars. Pretty much all programming languages, most if not all sane data serialization formats, etc. are context-free, but since you asked about theory, the answer is no. For starters, there are context-sensitive grammars, which (if the name didn't tip you off) can't be expressed with context-free grammars. A simple example would be n times a followed by n times b followed by n times c (the same n for each).
Also, grammars only describe, well, the grammar or syntax. Depending on the file format, there may be much more required for some data in that format to be valid (well-formed) - think typechecking in programming languages, for instance. You can't describe such semantics constraints with context-free grammars, or most grammars for that matter. There may be some highly complex ones that can do it in theory. They'd be correspondingly impractical, of course.
Yes. BNF only describes context free grammars. If a file contains a description of its own syntax, the rules for reading such a file couldn't be expressed in BNF. You would need a Turing machine for that. Similarly, if the decision to accept or reject a file can't be expressed by a push down automata then bnf won't work either.
BNF can't perfectly describe English syntax, for example.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
In a recent question I was encouraged to try using some basic data structures such as binary trees, red-black trees, et cetera, before tackling other things like quadtrees.
My experience in C is fairly limited and I am fearful of using pointers for anything but simple data (like 2D grids, image storage and strings), although I am familiar with referencing, malloc, realloc and other trivial actions, I am not used to the "hard" parts of C, which makes such structures hard to tackle from theory, and I don't want to just copy working code into this.
What I'd like to know, in order to tackle basic trees, is a practical application for them. Sort of an exercise with some guidelines (sort of "don't do this or you will kill performance" or "don't do that or this will leak memory"), just to be able to know the practical purpose. Even if I memorize the theory, I still don't know what sort of experiment to conduct in order to understand their application.
I am mostly attempting to use plain C, I don't really understand C++/# code when reading it, although I have certain mastery of the Lua language in case that helps.
So far I've been coding combining Lua for dictionary searches and designing data (and some logic parts) and left all video and audio storage, heavy math and "world" storage in C (using grid structures and a not-too-bruteforced collision detection approach (using a linear array to place objects in 1/24 of the map, nothing complex in code terms)). Because I could always rely on Lua's solid code for some functions, I neglected learning more of C and now I am paying for it with lack of knowledge.
So, to formulate a question: "What is the basic use case for data trees?" The only idea I have so far is using a splay tree to match strings (filenames?) to textures. Is that a valid use? Should I begin with that?
One of the uses for data trees was when writing a parser / compiler. After breaking up the source (Lexical analysis) and running the parsing (verifying grammar), we would build a tree structure of the source code (Syntactic tree), which was then repeatedly visited by the next parts of the compiler.
Another use of trees is when having to match if strings belong to a set of words very quickly, using very little memory, you can use a DAWG (Directed acyclic word graph).
Finally, a classic use is writing a solver for a Travelling Salesman problem using a data tree to store your cities in memory.
The classic Sedgewick Algorithms in C, Part 5: Graph Algorithms is full of examples, also if you have access to it.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I am suppose to create a vector array in C to use in my project. I have not worked with such data structure before, and can't seem to find good information on it.
Can you provide a link to information or post the information which describes this data structure in regard to its usage, benefits, and the functions it has.
An implementation file would be also useful reference.
"... can't seem to find good information on it." Wat?
Google is pretty much king.
First understand what it is. Then implement based on what you research. You're going to need to understand not only what a vector is, but pointers and structs. Ask your instructor for help, or find a peer to work on this with.
It depends on what you mean by the terms. "Vector" has a very specific mathematical definition, but unfortunately without knowing what you goal is, "vector array" is sort of ambiguous because a vector is an array in a manner of speaking.
If you're doing mathematics in your software, you may actually want an array of vectors as opposed to an array aka vector. But, well, it depends on what you're looking to accomplish. (In my line of work, I need to deal with arrays of vector data, where the vectors are "locations" in 3D space.)
The shortest path would probably be to type:
Vector my_array[4];
...and see if that compiles. If it does not, then an array of Vector objects/structs is not available in your codebase. :)
Look into struct: C/C++ structures and classes.
Simple google search for vector array c
http://www.codecogs.com/d-ox/array/vector.php