Wednesday, January 15, 2014

Working with SecureString class and passwords in .net framework

Working with apps connected to DataBases I almost always use a class to manage all connections and queries to database (avoiding saving passwords in strings). To avoid saving passwords in memory we use class SecureString [System.Security.SecureString].

A very important topic is SecureString implements CriticalFinalizerObject, this means SecureString is considered a "Constrained Execution Region - CER". Out-of-band exceptions are forbidden in CER-type regions and this way we avoid non executed code. Very important: SecureString is not managed code and is our responsability to free that resource.

Using SecureString:

In this example we use SecureString with get & set properties.