Geeks With Blogs
Saqib Ullah BootStrapper Know How
There is a new class, System.Security.SecureString. To understand the purpose of this class, think about e.g. a password. You probably never want anyone to see the password, but if you store it in a simple System.String instance there are some security risks. For example, how do you get rid of the value when you've finished with the string? You can set the reference to the string to null, but the value itself is still in the managed heap. Indeed, there may be several copies of it lurking around if the garbage collector has moved it during previous collections. Bluntly, the heap was never designed to guard against someone going through it with a memory dump tool.

SecureString solves this kind of issue. Assigning a value to a secure string is pretty simple, e.g.:

    System.Security.SecureString pword = new System.Security.SecureString();
    // A string cannot be assigned directly (pword = "admin"; does not compile);
    // the value is appended one character at a time.
    foreach (char c in "admin")
        pword.AppendChar(c);
    pword.Clear();

The value is stored in an encrypted form, and SecureString also has a Clear() method that completely wipes out the data. Extracting the value from a secure string is possible but complicated - and not often done.

Posted on Wednesday, November 29, 2006 11:52 PM | .Net, Security
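
An added example, not part of the original post: a console program that fills a SecureString one keypress at a time and then performs the "possible but complicated" extraction by decrypting into unmanaged memory and zeroing that memory afterwards. The names SecureStringDemo, ReadPassword and ContainsDigit are assumptions made for this illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo
{
    // Fill a SecureString key by key; no System.String holding the password is created.
    static SecureString ReadPassword()
    {
        SecureString ss = new SecureString();
        while (true)
        {
            ConsoleKeyInfo key = Console.ReadKey(true); // true = do not echo the key
            if (key.Key == ConsoleKey.Enter) break;
            if (key.Key == ConsoleKey.Backspace) { if (ss.Length > 0) ss.RemoveAt(ss.Length - 1); }
            else if (!char.IsControl(key.KeyChar)) ss.AppendChar(key.KeyChar);
        }
        ss.MakeReadOnly(); // further AppendChar/RemoveAt calls now throw
        return ss;
    }

    // Extraction: decrypt into an unmanaged buffer, inspect it, then zero and free it.
    static bool ContainsDigit(SecureString ss)
    {
        IntPtr buf = IntPtr.Zero;
        try
        {
            buf = Marshal.SecureStringToGlobalAllocUnicode(ss);
            for (int i = 0; i < ss.Length; i++)
                if (char.IsDigit((char)Marshal.ReadInt16(buf, i * 2))) return true;
            return false;
        }
        finally
        {
            // Runs on success and on exception, so the plaintext copy never outlives the call.
            if (buf != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(buf);
        }
    }

    static void Main()
    {
        Console.Write("Password: ");
        using (SecureString pw = ReadPassword())
        {
            Console.WriteLine("\nLength {0}, contains digit: {1}", pw.Length, ContainsDigit(pw));
        } // Dispose() wipes the protected buffer
    }
}
```

The plaintext exists only in the unmanaged buffer between SecureStringToGlobalAllocUnicode and ZeroFreeGlobalAllocUnicode, which the garbage collector neither moves nor copies.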


Comments on this post: Password with System.Security.SecureString Class in .Net 2.0

# re: Password with System.Security.SecureString Class in .Net 2.0
How to assign a value? You have posted wrong info.
pword = "admin"; never works.
Left by duggal on Oct 07, 2008 8:08 PM

# re: Password with System.Security.SecureString Class in .Net 2.0
You can assign a value to a SecureString as follows:

    // requires: using System.Security;
    SecureString secureString = new SecureString();
    string myPassword = "secret";

    // Append the characters one at a time
    foreach (char c in myPassword)
        secureString.AppendChar(c);

    secureString.MakeReadOnly();
Left by Cassidy on Jan 07, 2009 12:11 PM

# re: Password with System.Security.SecureString Class in .Net 2.0
I hope no one ever assigns a value like Cassidy shows. That method still generates a clear text string on the heap and can still be extracted. You have to move away from thinking of whole strings and start thinking about character by character operations here. You assign the value of a SecureString by using the class's AppendChar(char) method and you call this on each keypress. That event handler should look like this:

    System.Security.SecureString ss = new System.Security.SecureString();

    public Form1()
    {
        InitializeComponent();
    }

    void Form1_KeyPress(object sender, KeyPressEventArgs e)
    {
        try
        {
            switch (e.KeyChar)
            {
                case (char)Keys.Enter:
                    ss.MakeReadOnly();
                    HandleSecurePassword(ss);
                    break;
                case (char)Keys.Back:
                    ss.RemoveAt(ss.Length - 1);
                    break;
                default:
                    if (!ss.IsReadOnly())
                    {
                        ss.AppendChar(e.KeyChar);
                    }
                    break;
            }
        }
        catch (ObjectDisposedException)
        {
            ss = new System.Security.SecureString();
            MessageBox.Show("your string was disposed at some point. you should be able to try again");
        }
        catch (ArgumentOutOfRangeException)
        {
            // do nothing. at best you're trying to press backspace on an empty string.
            // this isn't special enough to warrant a modal dialog. maybe after 1000 tries
            // you might want to pop up and tell the user they're doing something stupid. ;)
        }
    }

    private void HandleSecurePassword(System.Security.SecureString ss)
    {
        // logic goes here
    }
Left by Michael on Apr 29, 2011 3:21 AM

# re: Password with System.Security.SecureString Class in .Net 2.0
Another comment. After you press enter and HandleSecurePassword executes, you should be able to just new another SecureString object to ss if that would make sense in what you're trying to do. Otherwise, according to this code, ss's value will never change after you press enter.
Left by Michael on Apr 29, 2011 3:24 AM

Copyright © Saqib Ullah | Powered by: GeeksWithBlogs.net