String Suggestions for Speed and Security


Dave Fetterman has put together an excellent set of recommendations for string comparison practices. Now I am really pleased by this because:



  • these recommendations are going to help you to avoid some nasty security weaknesses that might otherwise plague you
  • you get to use ordinal-based comparisons more often, and they are by far the fastest and cheapest

Speed and Security?  Say it isn’t so!


http://msdn.microsoft.com/netframework/default.aspx?pull=/library/en-us/dndotnet/html/StringsinNET20.asp


 


Comments (7)

  1. Time to brush up on your string handling techniques and be introduced to the StringComparison enumeration …

  2. Time to brush up on your string handling techniques and be introduced to the StringComparison enumeration …

  3. Ryan Lamansky (Kardax) says:

    Unfortunately, the article doesn’t address two major issues:

    1) How does this impact the == operator for string comparison in C#?

    2) Is it safe to switch on a string in C#?

  4. ricom says:

    OK I don’t have this memorized so I’m going to guess for fun then look it up later.

    I’m pretty sure both == and the switch statement require exact equality in C#. So that would make them like the case sensitive ordinal compare.

    Let’s see how I do :)

  5. ricom says:

    Looks like I’m right. The switch uses operator== which in turn uses the default String.Equals.

    The article actually covers == in the discussion of String.Equals though it doesn’t mention switch. All of this is easy enough to verify by looking at the IL.

    String.Equals

    Default interpretation: Ordinal

    The String class’s equality methods include the static Equals, the static operator ==, and the instance method Equals. All of these operate by default in an ordinal fashion. Using an overload explicitly stating the StringComparison type is still recommended, even if you desire an ordinal comparison; in this way, searching code for a certain string interpretation becomes easier.

  6. Time to brush up on your string handling techniques and be introduced to the StringComparison enumeration …
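
The ordinal-by-default behaviour of `==`, `switch` and `String.Equals` discussed in the comments, set beside a culture-sensitive comparison, as an added example (not code from the post or the linked article). The scheme check and its helper names are hypothetical; the `tr-TR` culture is used because Turkish casing maps "i" to "İ" rather than "I", so a culture-sensitive, case-insensitive match can give a different answer from an ordinal one.

```csharp
using System;
using System.Globalization;

static class StringComparisonDemo
{
    // Hypothetical security check: does the input name the "file" scheme?
    // Culture-sensitive: the answer depends on the thread's current culture.
    static bool IsFileSchemeCultural(string scheme) =>
        string.Compare(scheme, "FILE", ignoreCase: true,
                       culture: CultureInfo.CurrentCulture) == 0;

    // Ordinal: the same answer on every machine, and the cheaper comparison.
    // Stating the StringComparison explicitly also makes the intent searchable.
    static bool IsFileSchemeOrdinal(string scheme) =>
        string.Equals(scheme, "FILE", StringComparison.OrdinalIgnoreCase);

    // switch on a string uses operator ==, i.e. case-sensitive ordinal equality.
    static string Classify(string scheme)
    {
        switch (scheme)
        {
            case "file": return "local";
            case "http": return "remote";
            default:     return "unknown";
        }
    }

    static void Main()
    {
        string input = "file"; // constructed sample input

        // Run the same check under two cultures and compare the results.
        foreach (string name in new[] { "en-US", "tr-TR" })
        {
            CultureInfo.CurrentCulture = new CultureInfo(name);
            Console.WriteLine($"{name}: cultural={IsFileSchemeCultural(input)} " +
                              $"ordinal={IsFileSchemeOrdinal(input)}");
        }

        // operator ==, static Equals and instance Equals all default to ordinal,
        // so none of them treats "file" and "FILE" as equal.
        Console.WriteLine("file" == "FILE");
        Console.WriteLine(string.Equals("file", "FILE"));
        Console.WriteLine("file".Equals("FILE"));
        Console.WriteLine(Classify("FILE"));
    }
}
```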