SecureString usage
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 10:39
Getting and Setting a SecureString in .NET 2.0
SecureString Class
A nice new addition to the .NET 2.0 Framework is the SecureString class, which makes it safe to store sensitive information in memory (e.g. passwords, connection strings). The class takes care of encrypting this information, but it does not provide a very straightforward way to get and set its value.
Since the actual value of the string is NOT stored in the memory space of your process, it is not really a "managed" value, so a bit of marshaling is required to work with it.
Setting a SecureString's value
Fortunately, it is rather easy to set the value of a SecureString ... but it has to be character by character. I assume the reason for this is that you really should not be using any transient/temporary variable to load the data into the SecureString. That would pretty much defeat its purpose. However, there will come a time when you want to set the value of the SecureString FROM another string. That much is simple:
// Requires: using System.Security;
SecureString securePassword = new SecureString();
string insecurePassword = "password"; // this plaintext copy already lives in managed memory
foreach (char passChar in insecurePassword) {
    // SecureString can only be filled one character at a time
    securePassword.AppendChar(passChar);
}
The above code simply iterates through the characters in the string and appends them to the SecureString.
Getting a SecureString's value
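It is as difficult, however, to retrieve the value from a SecureString as it was simple to set it. Since the value of the SecureString is not in the application's process space, your code has to interact with it via a pointer to a BSTR:
// Requires: using System; using System.Runtime.InteropServices;
IntPtr passwordBSTR = IntPtr.Zero;
try {
    // Decrypt the SecureString into an unmanaged BSTR and get a pointer to it
    passwordBSTR = Marshal.SecureStringToBSTR(securePassword);
    // Copy the BSTR into an ordinary managed string
    insecurePassword = Marshal.PtrToStringBSTR(passwordBSTR);
} catch {
    insecurePassword = "";
} finally {
    // Zero and free the unmanaged plaintext copy so it does not linger
    if (passwordBSTR != IntPtr.Zero) Marshal.ZeroFreeBSTR(passwordBSTR);
}
This code uses the Marshal static class to retrieve the value of the SecureString into a BSTR and return its pointer. Next, again using the Marshal class, it reads the BSTR into a managed string variable to be used at will.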
Is this secure?
No ... not really. It should be apparent by now that you are taking the value out of a secure, encrypted memory location and putting it right back into an insecure, unencrypted location.
(from http://jasondotnet.spaces.live.com/Blog/cns!BD40DBF53845E64F!148.entry)
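The following is an added example, not code from the original post. It narrows the exposure described under "Is this secure?" by copying the value into a pinned char[] instead of an immutable managed string, then zeroing both the unmanaged and the managed copy. The class name, the UseSecureString helper and the sample value are assumptions made for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringExample
{
    // Hypothetical helper: exposes the plaintext only for the duration of 'use'.
    static void UseSecureString(SecureString secret, Action<char[]> use)
    {
        char[] buffer = new char[secret.Length];
        // Pin the buffer so the GC cannot relocate it and leave a stale copy behind.
        GCHandle pin = GCHandle.Alloc(buffer, GCHandleType.Pinned);
        IntPtr unmanaged = IntPtr.Zero;
        try
        {
            unmanaged = Marshal.SecureStringToGlobalAllocUnicode(secret);
            Marshal.Copy(unmanaged, buffer, 0, buffer.Length);
            use(buffer);
        }
        finally
        {
            // Wipe both plaintext copies whether or not 'use' threw.
            if (unmanaged != IntPtr.Zero)
                Marshal.ZeroFreeGlobalAllocUnicode(unmanaged);
            Array.Clear(buffer, 0, buffer.Length);
            pin.Free();
        }
    }

    static void Main()
    {
        using (SecureString securePassword = new SecureString())
        {
            // Constructed sample value, appended one character at a time.
            foreach (char c in new char[] { 'p', 'a', 's', 's' })
                securePassword.AppendChar(c);
            securePassword.MakeReadOnly();

            UseSecureString(securePassword, delegate(char[] chars)
            {
                // The callback must not copy 'chars' into a string.
                Console.WriteLine("Plaintext length: {0}", chars.Length);
            });
        }
    }
}
```

The plaintext still sits in process memory while the callback runs; the gain over PtrToStringBSTR is that it can be wiped deterministically, which an immutable managed string cannot.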