Re: [2005] Handling password
SecureString isn't all its cracked up to be really..
The very fact that a textbox which the user enters the data in has a .text property that is a regular string means its not really secure from the start.
The only thing I have seen to mininize exposure of the string, is after you marshal the string to an IntPtr using SecureStringToBSTR(), call Marshal.ZeroFreeBSTR() passing in the IntPtr you got from SecureStringToBSTR()
this obviously requires you expand your code out from being 1 single line...
SecureString is meant to minimize exposure on a given group of chars in memory and on the disk, but is by no means 100% secure. It just makes sure it doesn't hang around too long before being destroyed by the framework