![]() The whole point of using SecureString is to reduce amount of time sensetive data is present in memory, and reduce number of copies of that sensetive data. NET string from SecurePassword property, it does not store it as string internally. What might I be missing in this puzzle? How is the PasswordBox even secure if it contains a Password property in clear text? ![]() Net memory manager/garbage collector, it would seem plausible to me that all they'd have to do is access the PasswordBox control object, rather than a string object in memory and simply access the Password property. However, if the problem is that some application might be sniffing your variables in the. I will admit, I have no clue how these exploits are executed. Net memory, could the same snooping malicious codes simply look for a PasswordBox that is hanging around in memory and find some way to access the Password field, making the use of the SecureString value essentially useless? However, since the point of the secured form of the string is to keep the value secure from a snooping process (I assume) that can read the. I would like to assume that if I never access the Password property within my application, an insecure version of my sensitive information will never be generated and have to be garbage collected. However, there is one major flaw that I see with this control- it has a Password property which is the user-entered content in an insecure. For the sake of security, it provides a SecureString object through the SecurePassword property which is, in my case, secure enough for my needs. Out of the box, the WPF PasswordBox is the go to control for getting passwords, or other sensitive information. I've already asked a couple of questions around the PasswordBox recently, but at the heart of my issue, I need an extremely secure way of getting very sensitive information inputted into my.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |