Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Portability of STL string

Status
Not open for further replies.
Haunter

Haunter

Programmer
Jan 2, 2001
379
0
0
US
I have been asked to write a string wrapper class to guarentee to portablity/security of the code manipulating strings. The request is to really avoid STL string class as much as possible and avoid use of the cstring class for security reasons.

I am not sure what is and what is not "portable enough" in the STL library to even begin work. I know that manipulation of strings is common and I am sure that this question may have arised before but have not seen it documented. I have contemplated two type implementations. The first is to inherit the string.h class and override the problem areas but I dont know where those areas are:(. The second is to start from the ground up but I fear this will be less secure than tested code and security is also a big issue. Any thoughts would be appreciated. If I started from the ground up how would you do it? I dont wouldnt know how to start to reinvent the wheel..

Thanks


haunter@battlestrata.com
 
Sort by date Sort by votes
1. STL string class is a portable one by definition because of STL is a part of the C++ language Standard.

2. Security or robustness or what else?.. I think a security notion is not applicable in that case (text string representation - work horse of any real program). It's the same thing as a security of int or double type: stl::string is effective and manages memory allocation - that's enough (or not?).

3. It's not the best practice to expand basic STL classes (as stl::string, for example). These classes are obviously final. For example, no virtual functions etc. All stl::string wrappers I have ever seen was awkward and useless artifacts...

So it seems specifications above are not correctly defined.
 
Upvote 0 Downvote
>The request is to really avoid STL string

Whoever gave that request should explain him/her/itself.

>the problem areas but I dont know where those areas are

Heh, yeah, well it's hard to suggest a solution when you don't know the problem.

/Per
[sub]
"It was a work of art, flawless, sublime. A triumph equaled only by its monumental failure."[/sub]
 
Upvote 0 Downvote
From a functional point of view, the std::string class should be regarded as secure (it's not going to leak or trash memory), and it's available everywhere a C++ compiler exists.

The only insecure "feature" I can think of is leaving text fragments in memory which is freed by the string when it is no longer required. This information leak might be important if you're storing say passwords (or other confidential information).

If this is the case, then you have a whole host of side-issues to worry about as well, like what happens to your OS swap space for example.

--
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Ogi
  • Locked
  • Question
Issue with string conversion
Replies
0
Views
37
Ogi
Ogi
heiron
  • Locked
  • Question
find process address pointer + offset
Replies
0
Views
94
heiron
heiron
xwb
  • Locked
  • Question
Syntax for the destructor of a nameless class
Replies
1
Views
56
ArkM
ArkM
srk24
  • Locked
  • Question
Use of default constructor over assignment operator
Replies
3
Views
43
ArkM
ArkM
RileyCat
  • Locked
  • Question
RegEx Pattern to Split String in C++ 1
Replies
1
Views
54
xwb
xwb

Part and Inventory Search

Sponsor

Back
Top