Geeks With Blogs
Chris Breisch   .NET Data Practices
Search this Blog!

This is a simple little password manager like (eWallet) on Code Project.  It's more of a proof of concept than anything else, but it does show off some of the basics of System.Security and why you need to use SecureString instead of String to store sensitive information.

Why do we need SecureStrings? Well, the MSDN documentation is very explicit on this, I will just quote it: "An instance of the System.String class is both immutable and, when no longer needed, cannot be programmatically scheduled for garbage collection; that is, the instance is read-only after it is created, and it is not possible to predict when the instance will be deleted from computer memory. Consequently, if a String object contains sensitive information such as a password, credit card number, or personal data, there is a risk the information could be revealed after it is used, because your application cannot delete the data from computer memory."

Posted on Saturday, October 14, 2006 2:58 PM .NET Development | Back to top

Comments on this post: Simple Password Manager and Why You Shouldn't Use the String Class to Store Passwords

No comments posted yet.
Your comment:
 (will show your gravatar)

Copyright © Chris J. Breisch | Powered by: