Skip to Main Content
Professional Visual Studio® 2008
book

Professional Visual Studio® 2008

by Nick Randolph, David Gardner
July 2008
Intermediate to advanced content levelIntermediate to advanced
1026 pages
27h 59m
English
Wrox
Content preview from Professional Visual Studio® 2008

28.4. Miscellaneous

So far, this chapter has covered the principles and algorithms that make up the primary support for cryptography within the .NET Framework. To round out this discussion, the following sections describe both how to use the SecureString class and how to use a key container to store a private key.

28.4.1. SecureString

It's often necessary to prompt users for a password, which is typically held in a String variable. Any information held in this variable will be contained within the String table. Because the information is stored in an unencrypted format, it can potentially be extracted from memory. To compound the problem, the immutable nature of the String class means that there is no way to programmatically remove the information from memory. Using the String class to work with private encryption keys can be considered a security weakness.

An alternative is to use the SecureString class. Unlike the String class, the SecureString class is not immutable, so the information can be modified and cleared after use. The information is also encrypted, so it can be retrieved from memory. Because you never want the unencrypted form of the information to be visible, there is no way to retrieve a String representation of the encrypted data. The following sample code inherits from the standard TextBox control to create the SecureTextbox class that will ensure that the password entered is never available as an unencrypted string in memory. This code should be placed into ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Professional Visual Studio® 2010

Professional Visual Studio® 2010

Nick Randolph, David Gardner, Michael Minutillo, Chris Anderson

Publisher Resources

ISBN: 9780470229880Purchase book