AutoPtr<DiskStorage> storage = DiskStorage::create(inputFile);

// Prefer String over char arrays.
String username, password;

// Obtain the username and password.
// This function should also zero-clear any string buffers that
// may temporarily hold the information input by the user.
showAuthDialog(username, password);

// Create a CredentialProvider instance from the username/password pair.
AutoPtr<CredentialProvider> credProv =
  CredentialProvider::createFromStrings(username, password);

// Clearing the strings is strongly encouraged to reduce security risks.
// If these variables are in local scope, they are zero-cleared
// on destruction anyway.
username = NullString;
password = NullString;

// Load a Doc instance from the storage.
// credProv is used only when the file requires authentication.
AutoPtr<Doc> doc = inSystem->load(storage, credProv);
The CredentialProvider instance created above preserves the user account with encryption. The actual implementation is OS specific: we use the secure storage system provided by the operating system, and you can also use that system through SecureString. This prevents the sensitive information from leaking even when the memory is dumped, and it is far more secure than simply storing accounts in C/C++-style strings.
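The comment on showAuthDialog asks that temporary input buffers be zero-cleared. The following is an added example, not code from the SDK, of one way to make that wipe reliable on every exit path. The names secureZero, WipeOnExit, readFieldAndWipe and allZero are hypothetical, and the raw char buffer stands in for whatever the UI toolkit hands back.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <stdexcept>

// Zero n bytes through a volatile pointer so the stores cannot be removed as
// dead writes (a plain memset just before a buffer dies may be optimized out).
inline void secureZero(void* p, std::size_t n) {
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;
}

// RAII guard: wipes the watched buffer on every exit path, exceptions included.
class WipeOnExit {
public:
    WipeOnExit(void* p, std::size_t n) : p_(p), n_(n) {}
    ~WipeOnExit() { secureZero(p_, n_); }
    WipeOnExit(const WipeOnExit&) = delete;
    WipeOnExit& operator=(const WipeOnExit&) = delete;
private:
    void* p_;
    std::size_t n_;
};

// Hypothetical stand-in for the inside of showAuthDialog(): `field` is the UI
// toolkit's raw input buffer, `consume` copies the text into its final holder.
template <class Consume>
void readFieldAndWipe(char* field, std::size_t cap, Consume consume) {
    // Wipe the full capacity, not strlen(): bytes past the terminator can
    // still hold an earlier, longer input that the user edited away.
    WipeOnExit guard(field, cap);
    if (std::memchr(field, '\0', cap) == nullptr)
        throw std::length_error("input field is not NUL-terminated");
    consume(static_cast<const char*>(field));  // may throw; guard still wipes
}

// True when no byte of the buffer survived the wipe.
inline bool allZero(const char* p, std::size_t n) {
    for (std::size_t i = 0; i < n; ++i)
        if (p[i] != 0) return false;
    return true;
}

int main() {
    char field[32] = "constructed-pass";  // constructed sample input
    std::size_t seen = 0;
    readFieldAndWipe(field, sizeof field, [&](const char* s) { seen = std::strlen(s); });
    std::printf("consumed %zu chars, wiped: %s\n", seen, allZero(field, sizeof field) ? "yes" : "no");
}
```

The guard only covers the buffer it is given; copies made by the consumer need their own clearing, which on this page is what assigning NullString does.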