In the .NET API for Windows Store Apps the SecureString class is missing. Also, PasswordBox does not store the password in a secure string. What's the equivalent to store strings securely in a Windows Store App? Or does Windows 8 have some secure mechanism to prevent others from reading the application's memory (or a memory dump after it is deliberately crashed)?
There is none. The omissions in the .NET API for Store apps were made either because a class just could not work in a WinRT app because it relied on unavailable OS support, because the opportunity was there to cut some dead wood in the framework, or because the class just plain doesn't make sense in a Store application.
The omission of SecureString heavily favors the "doesn't make sense" explanation. No attacker would ever go through the trouble of trying to dig the string out of multiple gigabytes of swap file data. It is much easier to just download your app from the store and use a debugger in the comfort of his own home.