I want to clear "immutable" string contents -- dotnet clr

cppdev9 NO[at]SPAM yahoo.com
8/19/2003 9:57:41 AM

Hi All!

I want to clear the string contents from sensitive information
such as passwords, and etc.

It's always a case that password will appear as string at some point
or another. And i feel uneasy leaving it hanging in memory indefinitely
(especially in case when string is Interned).

So at leats for the case when string is not interned i propose:

string pass = Console.ReadLine();
if (string.IsInterned(pass) == null)
{
unsafe
{
fixed(void* pv = pass)
{
char* pb = (char*)pv;
for(int i =0; i<pass.Length; ++i)
pb[i] = '0';
}
}
}
Console.WriteLine(pass);

Note: explicit RuntimeHelpers.OffsetToStringData is not needed.

cppdev9 NO[at]SPAM yahoo.com
8/20/2003 9:01:09 AM

Hi,

I would love to use byte[] or char[],
but it's not my choice. I'm using TextControl
to get information from the user in winform.
And it only has Text property.

[quoted text, click to view]

Edward Yang
8/20/2003 1:01:08 PM

Hi,

Since you know that strings are immutable, you can't clear or modify them in
any way (in theory).

Why not use a char array instead to store your password chars? It is at your
own disposal to create the array and destroy it. A few chars won't take up
too much memory.

Edward

[quoted text, click to view]

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages about dotnet clr

dotnet clr : I want to clear "immutable" string contents