I've never really used the SecureString class before but I've got a requirement in an app to have a user enter a password that will be used later in the application, and I figure SecureString is the most secure way to do this.

I have created a little dialog form where the user will enter their username and password and have set the UseSystemPasswordChar property of the password textbox to True. As I need to keep the password in memory for use later though, I have created a property in my main form that is of type SecureString and when the user enters their password into the dialog window I copy the string from the password box to the SecureString property like so:

vb.net Code:
  ' Copy the password box text into the SecureString one character at a time
  For i As Integer = 0 To LoginFrm.PasswordBox.TextLength - 1
      Me.ConnectionPassword.AppendChar(LoginFrm.PasswordBox.Text(i))
  Next

I figured out how to get the original string back when I need to (with only a slight hint from the documentation, I might add), which I do like this:
vb.net Code:
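  ' Needs Imports System.Runtime.InteropServices; the BSTR from SecureStringToBSTR is never freed here (see Marshal.ZeroFreeBSTR)
  Dim OriginalString As String = Marshal.PtrToStringBSTR(Marshal.SecureStringToBSTR(Me.ConnectionPassword))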

but the problem I have is that I want the user to have the option to edit the password they already entered if they want to. This is a problem because I want to avoid putting the real password back into the password box for security reasons, but then if I just put some random characters in there (just to show that their password has been remembered by the app) and then the user clicks OK on the login dialog form then it will update my ConnectionPassword property and set it to the random characters.
One option would be to set the passwordbox text to something specific each time and then test to see if that is what the text is set to when they click OK (and if it is then obviously don't update the ConnectionPassword property) but this seems pretty rubbish because it's possible (however unlikely) that the user could actually select that word as a password.

Any better suggestions? Perhaps it's not worth doing anything at all and just use a normal string as the SecureString is going to have to get converted back to a normal string at some point to be used...

Cheers
Chris
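
One way to handle the edit case described in the post above, added here as an example and not part of the original post: use the WinForms `TextBox.Modified` flag to detect an edit rather than comparing against a sentinel word, and zero and free the BSTR after use. `PasswordEntry`, `ShowRemembered`, `Commit` and `UsePassword` are hypothetical names.

```vbnet
Imports System.Runtime.InteropServices
Imports System.Security
Imports System.Windows.Forms

' Added example; all names in this module are hypothetical.
Public Module PasswordEntry

    ' Show filler in the box to signal that a password is already stored.
    ' The filler's value is never compared against anything.
    Public Sub ShowRemembered(box As TextBox, stored As SecureString)
        box.UseSystemPasswordChar = True
        box.Text = If(stored.Length > 0, New String("x"c, 8), String.Empty)
        box.Modified = False ' nothing has been typed by the user yet
    End Sub

    ' Call when OK is clicked. Replaces the stored password only if the user
    ' actually edited the box; returns True when it was replaced.
    Public Function Commit(box As TextBox, stored As SecureString) As Boolean
        If Not box.Modified Then Return False ' filler untouched: keep old password
        stored.Clear()
        For Each c As Char In box.Text
            stored.AppendChar(c)
        Next
        box.Clear()
        Return True
    End Function

    ' Hands the plaintext to a caller-supplied action, then zeroes and frees
    ' the unmanaged copy. The managed String passed to the action still
    ' stays in memory until it is garbage collected.
    Public Sub UsePassword(stored As SecureString, action As Action(Of String))
        Dim bstr As IntPtr = IntPtr.Zero
        Try
            bstr = Marshal.SecureStringToBSTR(stored)
            action(Marshal.PtrToStringBSTR(bstr))
        Finally
            If bstr <> IntPtr.Zero Then Marshal.ZeroFreeBSTR(bstr)
        End Try
    End Sub

End Module
```

Clearing the box in its `Enter` handler keeps the filler from being mixed into a newly typed password; assigning `Text` from code does not count as a user edit, so `Modified` stays False until a key is pressed.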