dotnet security: I want to pass a string password in System.Diagnostics.Process.Start.

The problem is that the defined password parameter is SecureString not
string while my password is string.

Normal casting evaluates to errors.

Please how to cast string to SecureString?

Many Thanks in Advance.

Bishoy

I don't know if you can. I think you have to append on character at a time
to the secure string.

[quoted text, click to view]

[quoted text, click to view]

My impression is that this is deliberate. You can create a SecureString
from a Char * array, or you can add characters into the secure string - you
can even manipulate portions of the string to match editing behaviours in a
dialog box or at the console.

If this is deliberate (and I hope it is), it is to prevent users from
putting passwords into a String and then into a SecureString. The
raison-d'etre of SecureString is to prevent passwords from remaining
unencrypted in memory due to the intermittent nature of garbage collection -
and if you put the password into a String, either on the way into a
SecureString, or on the way out, that String value is subject to the GC's
decision as to when it might be nice to zero out the string and remove it
from memory.

Alun.
~~~~
[MS MVP, Windows - Security]