0

Apparently, using SecureString with ASP.NET doesn't really make sense because ASP.NET automatically stores request parameters in plain text. But is there a way to hack ASP.NET to make SecureString usable in this scenario?

For example, would it be possible to do something to hook into the ASP.NET pipeline before it has a chance to stash all of the request parameters in memory? Something like a module, but I'm guessing that is too late.

Community
  • 1
  • 1
John B
  • 20,062
  • 35
  • 120
  • 170
  • And where to store it if not on memory ? I mean that you must have them somewhere.... – Aristos Jun 25 '13 at 19:42
  • Well maybe the code that parses the raw Request data into the Request.Params collections could be overridden to use SecureString instead for certain keys? – John B Jun 25 '13 at 19:48
  • The `Request.Params` reads all the QueryString, Form, Cookies and ServerVariables, all that are already public, especial the url parameters (query string). – Aristos Jun 25 '13 at 19:52

0 Answers0