
I am writing an FTP uploader file in C++ and I can't figure out how to login to the ftp server with the file without putting my password into the code. Here is my code:

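```cpp
#include <cstdio>   // remove
#include <cstdlib>  // system
#include <fstream>
#include <string>
using namespace std;

void UploadFTP(string uploadFile) {
    // Write the ftp command script, credentials included, to a temporary file
    ofstream ftpFile;
    ftpFile.open("ftpcmd.dat", ios_base::app);
    ftpFile << "user <USER>\n";
    ftpFile << "<PASSWORD>\n";
    ftpFile << "bin\n";
    ftpFile << "put " + uploadFile + "\n";
    ftpFile << "quit";
    ftpFile.close();
    // Run the Windows ftp client against the script, then delete the script
    system("ftp -n -s:ftpcmd.dat <FTPSERVER>");
    remove("ftpcmd.dat");
}
```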

How do I put the login credentials into where it says <PASSWORD> without actually putting my password there?

Also, if I could get any tips on the line where it says `system("ftp -n -s:ftpcmd.dat <FTPSERVER>");`, I would like to try to move away from the system command.

Remy Lebeau
Quadsam
  • If you're running this from the command line, then this may help: [Reading a password from std::cin](https://stackoverflow.com/q/1413445/2602718) – scohe001 Nov 12 '20 at 21:32
  • FYI, Unix systems store the hashed or encrypted form of the User passwords into a file. You may want to do the same. – Thomas Matthews Nov 12 '20 at 22:17
  • Read password from file or from standard input. – Anonymous1847 Nov 12 '20 at 22:24
  • @ThomasMatthews *Hashed* password cannot be read back. – Martin Prikryl Nov 13 '20 at 06:47
  • Related questions: [Is it possible to hide a password defined within C++ code](https://stackoverflow.com/q/5316562/850848), [Techniques for obscuring sensitive strings in C++](https://stackoverflow.com/q/1648618/850848) – Martin Prikryl Nov 13 '20 at 07:19
  • @MartinPrikryl A *hashed* password can be written to a file and read from a file. This is what Unix does. – Thomas Matthews Nov 13 '20 at 17:02
  • @ThomasMatthews Unix is in a different position. It just needs to verify that a password hash of the user who is trying to log in matches the stored hash. But you cannot use a password hash to connect to another server. For that you need to know the literal password, not just its hash. – Martin Prikryl Nov 13 '20 at 18:03

2 Answers

> how to login to the ftp server with the file without putting my password into the code.

You can choose one of these options:

  • Configure the FTP server to not require a password
  • Let the user input the password
  • Store the password in a separate file that the program reads

If you wanted to prevent the user from finding out the password, then there is no complete solution. At best you can obscure the password.


> I would like to try to move away from the system command.

C++ has no standard API for FTP. You can find the spec here: https://www.rfc-editor.org/rfc/rfc959. You may also need to consult the RFCs which update that one to support additional features such as passive mode.

C++ doesn't even have a standard API for TCP, which FTP runs on. Your operating system may however provide a TCP API for you.

Community
eerorika

The -s option is merely taking commands from a text file and interpreting them as if the user had typed them in. The ftp program takes in a user's password as plain-text, whether that be from STDIN or from file, so there is no option to hide the password in your .dat file.

The solution is to not use system() at all.

On Windows, you can use CreateProcess() instead, which allows you to provide your own redirected STDIN pipe that you can write data to as needed. On 'Nix systems, you can use pipe()+dup2() to achieve the same effect.

This way, your command data is only in memory, never in a file. See Creating a Child Process with Redirected Input and Output, Linux 3.0: Executing child process with piped stdin/stdout, etc.

Or, you can use an actual FTP client library. For instance, Windows' WinInet library, and the libcurl library, both support FTP operations. And there are plenty of other 3rd party libraries that support FTP, too.

Or, you can simply implement the FTP protocol directly in your own code, using common TCP libraries for your target platform(s).

Community
Remy Lebeau
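The pipe()+dup2() approach from the answer above, as an added example that is not part of the original posts (POSIX only): the command script is built in memory and written to the child's stdin, with the password passed in by the caller (from a prompt or a separate file) instead of being compiled in. `build_script` and `run_with_stdin` are hypothetical names; the one-line `user NAME PASSWORD` form and a call such as `run_with_stdin({"ftp", "-n", "<FTPSERVER>"}, script)` assume a Unix command-line ftp client.

```cpp
#include <sys/wait.h>
#include <unistd.h>
#include <csignal>
#include <initializer_list>
#include <stdexcept>
#include <string>
#include <vector>

// Build the command script in memory. A newline or other control character in
// any field would let that field add extra ftp commands, so reject them.
std::string build_script(const std::string& user, const std::string& pass,
                         const std::string& file) {
    for (const std::string* s : {&user, &pass, &file})
        for (unsigned char c : *s)
            if (c < 0x20 || c == 0x7f)
                throw std::invalid_argument("control character in ftp field");
    return "user " + user + " " + pass + "\nbinary\nput " + file + "\nquit\n";
}

// Run args with `input` as the child's stdin. Returns its exit status, -1 on error.
int run_with_stdin(const std::vector<std::string>& args,
                   const std::string& input) {
    std::vector<char*> argv;
    for (const auto& a : args) argv.push_back(const_cast<char*>(a.c_str()));
    argv.push_back(nullptr);
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                        // child: pipe read end becomes stdin
        dup2(fds[0], STDIN_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(argv[0], argv.data());
        _exit(127);                        // only reached if exec failed
    }
    close(fds[0]);
    signal(SIGPIPE, SIG_IGN);              // process-wide: child may exit early
    size_t off = 0;
    while (off < input.size()) {
        ssize_t n = write(fds[1], input.data() + off, input.size() - off);
        if (n <= 0) break;                 // child closed its stdin or write failed
        off += static_cast<size_t>(n);
    }
    close(fds[1]);                         // EOF marks the end of the script
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The script never touches disk, but FTP itself still sends the `user` line to the server unencrypted.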