0

I have came across a situation as follows and I am getting following warning from the compiler.

    Main.cpp:14:22: warning: deprecated conversion from string constant to ‘char*’ [-Wwrite-strings]
   Login(USER,PASSWORD);

Here are the codes Passwords.h

#define USER "user"
#define PASSWORD "pass"

Main.cpp

#include <iostream>
#include "Passwords.h"

using namespace std;

void Login(char* username,char* password)
{
  cout << "UserName is " << username <<endl;
  cout << "Password is " << password <<endl;
}

int main()
{
  Login(USER,PASSWORD);
  return 0;
}

One thing I decided to do was to introduce a global variables in the Passwords.h file. But I really like to know what is the best practice to solve this issue.

I hope no one will mark this as duplicate as same question is asked. I need to eliminate this warning in legitimate way and looking for a best practice as many answers for the same problem gave some hacks to turn off compiler warnings and some casting solutions.

Update

The Login function is actually a virtual function so the parameter datatypes cannot be changed from char * to const char*. I used the specific code segment for simplicity.

Isura Nirmal
  • 777
  • 1
  • 9
  • 26
  • The highest-scoring (note: not accepted) answer in the first related link on the right gives an acceptable solution: http://stackoverflow.com/questions/59670/how-to-get-rid-of-deprecated-conversion-from-string-constant-to-char-warnin?rq=1 Is that legitimate enough for you? – chris Feb 01 '17 at 15:12
  • 3
    Use `std::string` – NathanOliver Feb 01 '17 at 15:12
  • @NathanOliver, disagree. No need for `std::string` here, would be an extra conversion for nothing. – SergeyA Feb 01 '17 at 15:14
  • 2
    It's naughty to use contiguous data to store a password as it's not secure. So `char*` and `std::string` are both inappropriate. – Bathsheba Feb 01 '17 at 15:15
  • @Bathsheba I hope you're not judging the question on that basis. – Mark Ransom Feb 01 '17 at 15:17
  • @MarkRansom Absolutely not. It's a good question. Well written, with a good code snippet. Have an upvote! (I wouldn't dare answer it though ;-) ) – Bathsheba Feb 01 '17 at 15:17
  • Thank you for pointing the previous question on this but I am specifically asking for a way to address this problem other than using compiler warnings off and casting which is highly discussed in that answer. Thanks for @Bathsheba and Mark ! – Isura Nirmal Feb 01 '17 at 15:22
  • Seriously, if this is a production system, then my advice to you would be to set some time aside and develop a solution on the lines of http://stackoverflow.com/questions/3785582/how-to-write-a-password-safe-class In other words, throw the baby out with the bathwater and start afresh. – Bathsheba Feb 01 '17 at 15:23

3 Answers3

3

But I really like to know what is the best practice to solve this issue.

The best practice is to use pointers/references to const when no modification is made to the pointed object/array. You should make the following change to the parameters:

void Login(const char* username, const char* password)

Conversion from string literal to const char* is well-formed and not deprecated.

the parameter datatypes cannot be changed from char * to const char*

Your requirement excludes the best practice shown above. Given this restriction, you should not pass a string literal to the function. The options left are workarounds. The workaround that I would suggest is to create a local copy of the literal, and pass that instead:

char user[] = USER;
char pass[] = PASSWORD;
Login(user,pass);

PS. Since C++11 the conversion from string literal to char* is not only deprecated, but ill-formed instead. A compiler conforming to the current standard may refuse to compile the program.

PPS. As pointed out in the comments, storing a password within the executable as plain text (which is the way string literals are stored) is dubious from security perspective.

eerorika
  • 232,697
  • 12
  • 197
  • 326
2

Given that you can't change the function signature to something more appropriate, you're stuck. Bad code forces more bad code.

In this case you need to copy the strings to something that isn't const.

int main()
{
  char user[] = USER;
  char password[] = PASSWORD;
  Login(user,password);
  return 0;
}
Mark Ransom
  • 299,747
  • 42
  • 398
  • 622
1

Just do 

void Login(const char* username, const char* password)

While you are on it, replace define with constexpr.

SergeyA
  • 61,605
  • 5
  • 78
  • 137