
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Chapter 17: Security
to call the Clear method to wipe out its data. In this situation, you must either call the Dispose method on the SecureString object or rely on the garbage collector to remove the SecureString object and its data from memory.
Notice that when you pull a SecureString object into an unsecure String, its data becomes viewable by a malicious hacker. So it may seem pointless to go through the trouble of using a SecureString when you are just going to convert it into an unsecure String. However, by using a SecureString, you narrow the window of opportunity for a malicious hacker to view this data in memory. In addition, some APIs accept a SecureString as a parameter so that you don’t have to convert it to an unsecure String. The ProcessStartInfo class, for example, accepts a password in its Password property as a SecureString object.
The SecureString object is not a silver bullet for securing your data. It is, however, another layer of defense you can add to your application.
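The following sketch is an added example, not code from the book. It shows both points made above: keeping the plaintext exposed only for the duration of one callback, and handing the SecureString directly to ProcessStartInfo.Password with no conversion. The helper names ReadPassword and WithPlaintext and the command-line arguments are hypothetical, and the code assumes Windows.

```csharp
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo
{
    // Collect the password key by key so it never exists as a managed String.
    static SecureString ReadPassword()
    {
        var secret = new SecureString();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(true)).Key != ConsoleKey.Enter)
            secret.AppendChar(key.KeyChar);
        secret.MakeReadOnly();
        return secret;
    }

    // Decrypt into unmanaged memory only while the callback runs, then
    // overwrite and free that copy even if the callback throws.
    static void WithPlaintext(SecureString secret, Action<IntPtr, int> use)
    {
        IntPtr bstr = IntPtr.Zero;
        try
        {
            bstr = Marshal.SecureStringToBSTR(secret);
            use(bstr, secret.Length);
        }
        finally { if (bstr != IntPtr.Zero) Marshal.ZeroFreeBSTR(bstr); }
    }

    static void Main(string[] args)
    {
        Console.Write("Password: ");
        using (SecureString password = ReadPassword())   // Dispose wipes the data
        {
            Console.WriteLine();
            bool hasDigit = false;
            WithPlaintext(password, (ptr, length) =>
            {
                // Inspect the UTF-16 characters in place; no String is created.
                for (int i = 0; i < length; i++)
                    if (char.IsDigit((char)Marshal.ReadInt16(ptr, i * 2))) hasDigit = true;
            });
            Console.WriteLine("Contains a digit: " + hasDigit);
            if (args.Length == 2)   // hypothetical usage: <userName> <program>
                Process.Start(new ProcessStartInfo(args[1])
                    { UserName = args[0], Password = password, UseShellExecute = false });
        }
    }
}
```

Marshal.ZeroFreeBSTR overwrites the unmanaged copy before releasing it, which a managed String cannot offer because it is immutable and stays in memory until the garbage collector reclaims it.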
See Also
See the “SecureString Class” topic in the MSDN documentation.
17.16 Securing Stream Data
Problem
You want to use the TCP server in Recipe 16.1 to communicate with the TCP client
in Recipe 16.2. However, you need the communication to be secure.
Solution
Replace the NetworkStream class with the