System Pause

Hello people, I want to ask this question...
What is wrong with system("pause") other than the fact that it is OS-dependent?
Nothing.

Although it is more elegant to run your command-line programs from the Command Prompt.
closed account (zb0S216C)
It's very slow and insecure.

Wazzak
How is it insecure?
closed account (zb0S216C)
"system( )" is granted the same rights as your program. Because "pause" is a common command, malicious code can replace the "pause" executable with another malicious program. And when your program executes the "pause" program, it executes the malicious program which has the same rights as your program. No good.

Try it! Create a simple program and replace "pause" with it (keep a copy of "pause" first). Then, execute "pause" from another program. You'll realise just how vulnerable your program becomes with "system( )".

Wazzak
It is not insecure if you use it correctly; sanitize the shell execution environment, sanitize the command string, and make sure that the command that you are executing cannot be spoofed.

Doing this is somewhat hard, so
Do not call system() if you do not need a command processor
http://www.securecoding.cert.org/confluence/display/seccode/ENV04-C.+Do+not+call+system()+if+you+do+not+need+a+command+processor

To pause the program, we do not need a command processor; for instance we can pause the program by waiting for user input: say, with std::cin.get() ;
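An added example, not part of any post in this thread: the input-based pause suggested in the reply above, using std::getline in place of std::cin.get() and handling the newline that an earlier `cin >> n` leaves in the buffer. The function names are hypothetical and the sample input is constructed.

```cpp
#include <iostream>
#include <limits>
#include <sstream>
#include <string>

// Drop the rest of the current input line, including the '\n' that a
// formatted read such as `in >> n` leaves in the buffer.
void discard_rest_of_line(std::istream& in) {
    in.clear();  // recover from a failed extraction (e.g. "abc" read as int)
    in.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
}

// Wait for one Enter keypress using only the C++ stream library: no shell,
// no PATH or ComSpec lookup, no child process.
// Returns false if input ended (EOF) before a newline was read.
bool pause_for_enter(std::istream& in = std::cin,
                     std::ostream& out = std::cout) {
    out << "Press Enter to continue . . . " << std::flush;
    std::string unused;
    return static_cast<bool>(std::getline(in, unused));
}

// Constructed input: the user types "42<Enter>", then "<Enter>" at the prompt.
// Returns true when the pause consumed the second newline, not the first.
bool demo_on_constructed_input() {
    std::istringstream in("42\n\n");
    std::ostringstream out;
    int n = 0;
    in >> n;                   // leaves the first '\n' unread
    discard_rest_of_line(in);  // without this, the pause returns at once
    return pause_for_enter(in, out) &&
           in.peek() == std::char_traits<char>::eof();
}

int main() {
    int n = 0;
    std::cout << "Enter a number: ";
    std::cin >> n;
    discard_rest_of_line(std::cin);
    pause_for_enter();
    return 0;
}
```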
> Because "pause" is a common command, malicious code can replace the "pause" executable with another malicious program. And when your program executes the "pause" program, it executes the malicious program which has the same rights as your program.


I'm pretty sure this won't work, not even on Windows 98.

pause is a command, not an executable. Unless you do system("pause.exe");, you should be safe.
> Unless you do system("pause.exe");, you should be safe.

If you have verified that the ComSpec environment variable is set to <windows dir>\system32\cmd.exe

Ok thanks ppl