Is it in any way better to do this
char[] sec = { 'a', 'b', 'c'};
SecureString s = new SecureString();
foreach (char c in sec) {
s.AppendChar(c);
}
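IntPtr pointerName = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(s);
String secret = System.Runtime.InteropServices.Marshal.PtrToStringBSTR(pointerName);
// Zero and free the unmanaged BSTR copy once the managed string has been created
System.Runtime.InteropServices.Marshal.ZeroFreeBSTR(pointerName);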
than this
String secret = "abc";
or this
char[] sec = { 'a', 'b', 'c'};
String secret = new String(sec);
if I want to protect "abc" from being detected in decompiled MSIL code?
SecureString will protect your string once in memory, the string compiled into your MSIL will still be there in plain. If you need to hide sensitive information, consider something like an encrypted app.config as described here: http://weblogs.asp.net/jgalloway/archive/2008/04/13/encrypting-passwords-in-a-net-app-config-file.aspx
HTH Dominik
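One way to keep the secret out of the compiled assembly altogether, as an added example that is not part of the original answers: the value is encrypted with Windows DPAPI into a file and decrypted at runtime directly into a SecureString. The class name `SecretStore` and the file name `secret.bin` are hypothetical; on .NET Core and later, `ProtectedData` comes from the System.Security.Cryptography.ProtectedData package and works on Windows only.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Text;

static class SecretStore
{
    const string BlobPath = "secret.bin"; // hypothetical path; the blob lives outside the assembly

    // Provisioning step: the secret is supplied at install time, never as a literal in source.
    public static void Save(char[] secret)
    {
        byte[] plain = Encoding.UTF8.GetBytes(secret);
        try { File.WriteAllBytes(BlobPath, ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser)); }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    // Startup step: decrypt into a SecureString without creating a System.String.
    public static SecureString Load()
    {
        byte[] plain = ProtectedData.Unprotect(File.ReadAllBytes(BlobPath), null, DataProtectionScope.CurrentUser);
        char[] chars = null;
        try
        {
            chars = Encoding.UTF8.GetChars(plain);
            var s = new SecureString();
            foreach (char c in chars) s.AppendChar(c);
            s.MakeReadOnly();
            return s;
        }
        finally
        {
            // Wipe the temporary plaintext buffers as soon as the SecureString is built.
            Array.Clear(plain, 0, plain.Length);
            if (chars != null) Array.Clear(chars, 0, chars.Length);
        }
    }

    // Hand the value to a consumer as a BSTR, then zero and free the unmanaged copy.
    public static void Use(SecureString s, Action<IntPtr> consumer)
    {
        IntPtr bstr = Marshal.SecureStringToBSTR(s);
        try { consumer(bstr); }
        finally { Marshal.ZeroFreeBSTR(bstr); }
    }
}
```

With `DataProtectionScope.CurrentUser` the blob can only be decrypted under the same Windows user account that encrypted it, so the file is of no use when copied to another account or machine.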
No. SecureString exists to prevent sensitive text (such as passwords) from being held in memory.