ansaurus

Question

Using SecureString

Answer 1

+4 A:

Apart from using unsafe code and a char*, there isn't a (much) better way.

The point here is not to copy SecureString contents to/from normal string ("fizzbuzz" is a securityleak).

Henk Holterman 2010-03-10 20:06:18

Beat me to it -- +1. Plus the additional changes you need to make to allow for unsafe code negates any "savings" on lines of code.

Austin Salonen 2010-03-10 20:08:15

Don't most passwords originate in most software as strings and then need to be converted to a SecureString? Not sure what you mean by "not to copy SecureString contents from normal string". In normal circumstances that would be string password. "fizzbuzz" is just a homage.

Todd Smith 2010-03-10 21:35:42

Yes, and that greatly reduces the usability of SecureString.

Henk Holterman 2010-03-10 22:04:21

SecureString is a property of ProcessStartInfo and is needed for Process.Start(). Blame MS not the messenger :)

Todd Smith 2010-03-10 22:21:14

If you're collecting a SecureString from keystrokes, you don't actually have an original string. This, I believe, was the original intent of SecureString.

Doug 2010-08-25 16:11:32

Answer 2

+2 A:

You could use Linq:

"fizzbuzz".ToCharArray ().ToList ().ForEach ( p => secureString.AppendChar ( p ) );

-sa

Sascha 2010-03-10 20:06:47

+1 Actually, I think that´s the same that @Tod proposed, but with less lines.

Javier Morillo 2010-03-10 20:28:37

I guess I can throw this into an extension method to get what I'm after: processInfo.Password = new SecureSring ().FromString ("fizzbuzz")

Todd Smith 2010-03-10 21:30:18

ansaurus

tags:

views:

answers:

Using SecureString

related questions