Menu
Can this be simplified to a one liner? Feel free to completely rewrite it as long as secureString gets initialized properly.
SecureString secureString = new SecureString (); foreach (char c in "fizzbuzz".ToCharArray()) { secureString.AppendChar (c); } 
405
There is no alternative to the SecureString class. The 'alternative' Microsoft encourages is found here: The general approach of dealing with credentials is to avoid them and instead rely on other means to authenticate, such as certificates or Windows authentication.
And yes, SecureString has drawbacks and is not completely secure, there are ways to access to data, for example, injecting Hawkeye into the process is mentioned on MSDN as a way to extract the SecureString.
SecureString uses Windows' Data protection API. It is likely to be strong enough to be unbreakable in practical situations - save rubber hose cryptanalysis. There might be ways to protect data, if you explain in more a detail what you are trying to achieve.
In PowerShell, there are a number of cmdlets that work with something called a secure string. When you create a saved credential object, the password is stored as a secure string.
Just use NetworkCredential. It has the conversion logic built-in.
SecureString ss = new NetworkCredential("", "fizzbuzz").SecurePassword; As others have noted, all of these techniques strip the security benefits of SecureString, but in certain situations (such as unit tests) this may be acceptable.
Update:
As noted in the comments, NetworkCredential can also be used to convert a SecureString back to a string.
string s = new NetworkCredential("", ss).Password; If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
