May 27, 2004

Making Strings more Secure in Whidbey

Shawn posted an interesting piece on making strings more secure under Whidbey. Using the System.String class has never been considered secure because it was always quite easy for the data to move in memory, potentially leaving a footprint of sensitive data such as passwords in various parts of memory.

In Whidbey, Microsoft has introduced a new class called SecureString that addresses this. Using the Data Protection API (DPAPI), the string is held encrypted in memory until it is used, making it much more difficult to read. In addition, the data is pinned, which prevents multiple copies from being scattered around different memory locations. Shawn does a great job of explaining how this all works, so I will leave the exercise of learning just how to use it to you... by reading his post on SecureString.
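To make the lifetime handling concrete, here is an added example (not taken from Shawn's post or from Microsoft) that fills a SecureString and exposes the plaintext only inside a scoped callback. The `WithPlaintext` helper and the sample password are assumptions made for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo
{
    // Hypothetical helper: decrypts the secret into unmanaged memory only for
    // the duration of the callback, then zeroes and frees that buffer.
    static void WithPlaintext(SecureString secret, Action<IntPtr, int> use)
    {
        IntPtr ptr = IntPtr.Zero;
        try
        {
            ptr = Marshal.SecureStringToGlobalAllocUnicode(secret);
            use(ptr, secret.Length);
        }
        finally
        {
            if (ptr != IntPtr.Zero)
                Marshal.ZeroFreeGlobalAllocUnicode(ptr);
        }
    }

    static void Main()
    {
        // Constructed sample input. Real code would append characters as they
        // are typed (e.g. Console.ReadKey(true)) so no System.String ever exists.
        char[] typed = { 'h', 'u', 'n', 't', 'e', 'r', '2' };

        using (SecureString password = new SecureString())
        {
            foreach (char c in typed)
                password.AppendChar(c);
            Array.Clear(typed, 0, typed.Length); // wipe the managed copy
            password.MakeReadOnly();             // no further edits allowed

            WithPlaintext(password, (ptr, length) =>
            {
                // Read directly from unmanaged memory; never build a String here.
                int digits = 0;
                for (int i = 0; i < length; i++)
                    if (char.IsDigit((char)Marshal.ReadInt16(ptr, i * 2)))
                        digits++;
                Console.WriteLine("length={0}, digits={1}", length, digits);
            });
        } // Dispose() zeroes the protected buffer
    }
}
```

The protection only holds while the secret stays out of System.String, so converting it back to a managed string at the point of use reintroduces the footprint problem. On current .NET outside Windows the buffer is not encrypted, and Microsoft's present guidance discourages SecureString for new development.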

