|
-
Jan 28th, 2006, 01:01 PM
#1
 [RESOLVED] Using a SecureString
After you set the contents of a SecureString, how do you extract them?
I've searched high and low and many people said you can extract the contents, however, it's not well known but none of them stated how to do so. ToString() just return "System.Security.SecureString"
Any suggestions?
-
Jan 28th, 2006, 01:47 PM
#2
Frenzied Member
Re: Using a SecureString
You can get at it using the marshaller:
Code:
SecureString password = new SecureString();
password.AppendChar('x');
password.AppendChar('y');
password.AppendChar('z');
IntPtr bstr = Marshal.SecureStringToBSTR(password);
byte b = 1;
int i = 0;
// Loop through until we hit the string terminator '\0'
while (((char)b) != '\0')
{
b = Marshal.ReadByte(bstr, i);
Console.Write((char)b);
i = i + 2; // BSTR is unicode and occupies 2 bytes
}
Marshal.ZeroFreeBSTR(bstr);
Mike
-
Jan 29th, 2006, 08:19 AM
#3
Re: [RESOLVED] Using a SecureString
SecureStrings not all that secure after all then 
I don't live here any more.
-
Jan 29th, 2006, 10:50 AM
#4
Frenzied Member
Re: [RESOLVED] Using a SecureString
 Originally Posted by wossname
SecureStrings not all that secure after all then
You're right, they're not 100% secure, but I guess nothing is. SecureString is more secure than a regular string, because they're pinned and encrypted, but effectively they just reduce the exposure and not eliminate it.
Mike
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote