12.17. Work with Security-Sensitive Strings in Memory


You need to work with sensitive string data, such as passwords or credit card numbers, in memory and need to minimize the risk of other people or processes accessing that data.


Use the class System.Security.SecureString to hold the sensitive data values in memory.

How It Works

Storing sensitive data such as passwords, personal details, and banking information in memory as String objects is insecure for many reasons, including the following:

  • String objects are not encrypted.

  • The immutability of String objects means that whenever you change the String, the old String value is left in memory until it is dereferenced by the garbage collector and eventually overwritten.

  • Because ...
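The following Visual Basic console program is an added example, not code from the book, showing one way to apply the solution: it fills a SecureString one keystroke at a time, inspects the contents through a short-lived unmanaged buffer, and zeroes that buffer afterward. The module name and the ReadPassword and ContainsDigit helpers are hypothetical names chosen for illustration.

```vb
Imports System
Imports System.Runtime.InteropServices
Imports System.Security

Module SecureStringExample
    ' Reads a password key by key so the complete value is never
    ' assembled as a managed String.
    Function ReadPassword() As SecureString
        Dim password As New SecureString()
        Dim key As ConsoleKeyInfo = Console.ReadKey(True) ' True = do not echo
        Do While key.Key <> ConsoleKey.Enter
            If key.Key = ConsoleKey.Backspace Then
                If password.Length > 0 Then password.RemoveAt(password.Length - 1)
            ElseIf Not Char.IsControl(key.KeyChar) Then
                password.AppendChar(key.KeyChar)
            End If
            key = Console.ReadKey(True)
        Loop
        password.MakeReadOnly() ' Further modification now throws an exception
        Return password
    End Function

    ' Copies the plaintext into unmanaged memory only for the duration of
    ' the check, then overwrites and frees that copy.
    Function ContainsDigit(ByVal value As SecureString) As Boolean
        Dim ptr As IntPtr = IntPtr.Zero
        Try
            ptr = Marshal.SecureStringToGlobalAllocUnicode(value)
            For i As Integer = 0 To value.Length - 1
                ' Each UTF-16 code unit occupies 2 bytes in the buffer
                If Char.IsDigit(ChrW(Marshal.ReadInt16(ptr, i * 2))) Then Return True
            Next
            Return False
        Finally
            ' Zero the plaintext copy before releasing the memory
            If ptr <> IntPtr.Zero Then Marshal.ZeroFreeGlobalAllocUnicode(ptr)
        End Try
    End Function

    Sub Main()
        Console.Write("Password: ")
        Using password As SecureString = ReadPassword()
            Console.WriteLine()
            Console.WriteLine("Length: {0}, contains digit: {1}", _
                              password.Length, ContainsDigit(password))
        End Using ' Dispose clears the SecureString's protected buffer
    End Sub
End Module
```

Converting the SecureString back to a String at any point (for example with Marshal.PtrToStringUni) reintroduces the exposure described above, so keep the plaintext in the unmanaged buffer and free it in a Finally block.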
