System.Security (SecureString, SymmetricAlgorithms) C# WinForm Example - Simple Password Manager
The Code Project - Simple Password Manager Using System.Security
"The main goal of this application is to show how easy is to work with System.Security
(SecureString
, SymmetricAlgorithms
) in a Windows Forms project. The application uses the SecurePasswordTextBox
control made by Paul Glavich. SecurePasswordTextBox
is a Windows Forms TextBox
control that uses the .NET V2 SecureString
class to store its contents. More details about this control can be found at Paul Glavich's blog.
Why do we need SecureString
s? Well, the MSDN documentation is very explicit on this, I will just quote it: "An instance of the System.String
class is both immutable and, when no longer needed, cannot be programmatically scheduled for garbage collection; that is, the instance is read-only after it is created, and it is not possible to predict when the instance will be deleted from computer memory. Consequently, if a String
object contains sensitive information such as a password, credit card number, or personal data, there is a risk the information could be revealed after it is used, because your application cannot delete the data from computer memory." So, as a programmer, you must make sure that the sensitive data that you are dealing with in your applications like passwords are as much as possible protected. In my manager, I am receiving the password string as a SecureString
with help from the Paul Glavich's control, and then I encrypt it with a symmetric algorithm (Rijndael) for storage and internal use. There is a moment when you can't protect the string, and that moment comes when the user wants to see his password in clear, or wants to paste it into a web page. ..."
This is another SecureString related project that I'd like to look at...
Related Past Post XRef:
SecurePasswordTextBox - A SecureString TextBox
No comments:
Post a Comment