So, yesterday I came across a class called SecureString.
Let's check it out in this blog.
It is placed under the System.Security namespace.
We can use this class to store values that are confidential in nature viz passwords, credit-card details etc. This class ensures that the object is deleted from the memory when it is not required anymore.
The main difference between a normal String and SecureString is that a String is immutable(an object whose state cannot be modified once it is created) but when it's job is done cannot be removed from the memory. In other words, we do not have any control over when it will be GC'ed. So, this leaves us with a potential risk of this sensitive information being revealed.
Here, SecureString comes to our rescue. SecureString can be modified till we explicitly mark it as read-only. It can be removed from memory by calling the Dispose method explicitly or by the GC.
One major problem that I see with passwords being stored as plain-text in memory is the crashes. As we all know, Windows is notorious for crashing(much better nowadays as compared to the past). Suppose you are using an application which asked for your username and password. It was stored as plain-text in the process. Now, that process crashes and a crash dump gets generated. If that crash dump gets transmitted to crash analysis service, someone unauthorized can access your username and password from a big enough crash dump. Think about it.
It is still very limited in it's ease of use. One prominent API which stores the value as SecureString is NetworkCredential. It exposes two properties which expose the value as SecureString as well as String. NetworkCredential class is used to store the credentials for password-based authentication schemes like Kerberos, NTLM, basic and digest.
Nice article on this topic: How to properly convert SecureString to String.
Let's check it out in this blog.
It is placed under the System.Security namespace.
We can use this class to store values that are confidential in nature viz passwords, credit-card details etc. This class ensures that the object is deleted from the memory when it is not required anymore.
The main difference between a normal String and SecureString is that a String is immutable(an object whose state cannot be modified once it is created) but when it's job is done cannot be removed from the memory. In other words, we do not have any control over when it will be GC'ed. So, this leaves us with a potential risk of this sensitive information being revealed.
Here, SecureString comes to our rescue. SecureString can be modified till we explicitly mark it as read-only. It can be removed from memory by calling the Dispose method explicitly or by the GC.
One major problem that I see with passwords being stored as plain-text in memory is the crashes. As we all know, Windows is notorious for crashing(much better nowadays as compared to the past). Suppose you are using an application which asked for your username and password. It was stored as plain-text in the process. Now, that process crashes and a crash dump gets generated. If that crash dump gets transmitted to crash analysis service, someone unauthorized can access your username and password from a big enough crash dump. Think about it.
It is still very limited in it's ease of use. One prominent API which stores the value as SecureString is NetworkCredential. It exposes two properties which expose the value as SecureString as well as String. NetworkCredential class is used to store the credentials for password-based authentication schemes like Kerberos, NTLM, basic and digest.
Nice article on this topic: How to properly convert SecureString to String.
No comments:
Post a Comment