SecureString Class Two Real Usages And Counting!


SecureString Class 

"Represents text that should be kept confidential. The text is encrypted for privacy when being used, and deleted from computer memory when no longer needed. This class cannot be inherited. "

I first was very excited about SecureString introduced in .Net FX 2.0 but as I tried to learn it more and more I could not find real scenarios where I can apply it.

So here it comes:

1. Credential Management with the .NET Framework 2.0 - very detailed and useful article.

"Summary: Get an introduction to the Credential Management API that includes functions for user interface handling and lesser-known functions for managing a user's credential set. Also see a .NET class library that dramatically simplifies the task of credential management, for languages such as C# and Visual Basic .NET, and provides a more elegant and robust approach to credential management for C++ developers. (26 printed pages)"

2. X509Certificate2 (String, SecureString)  - got this one while reading Support Certificates In Your Applications With The .NET Framework 2.0

"You can also load certificates from .pfx files. However, as I mentioned earlier, .pfx files can be password protected [ed. alikl - SHOULD BE, MUST BE?], and you should supply this password as a SecureString. SecureString encrypts the password internally and tries to minimize exposure of it in Memory, page files, and crash dumps"

 

More on SecureString is here on .Net Security Blog:

SecureString Redux

Making Strings More Secure

Got more examples? Share please!

Skip to main content