
I was creating a form with a password box and was getting an error when I was trying to bind it to a property in my view model.

I did a bit of research and found out that, for security reasons, it was made not bindable. I am not really a person who can just accept that; I want to know the reason why. What makes naming the property and calling .password more secure than it being bound to a property in the view model?

I also found out that you can use attached properties to make it bindable. Is this any more secure?

Keithin8a
  • Like you said, for security reasons. The best way to get around it is to use a `Command` and send the entire `PasswordBox` element through the `CommandParameter`. – Mike Eason Jun 04 '15 at 10:25
  • But my question is what are the security reasons which make it less secure than calling the named object? – Keithin8a Jun 04 '15 at 10:30
  • I like your idea of using a command, that seems like a nice elegant solution. And is a lot easier than writing an attached property to do exactly what it was designed not to. – Keithin8a Jun 04 '15 at 10:32
  • Check this, you will get it: http://stackoverflow.com/questions/23031549/is-it-a-bad-idea-to-bind-passwordbox-password – Dinesh balan Jun 04 '15 at 10:35
  • @Keithin8a Would you like me to post some sample code as an answer? – Mike Eason Jun 04 '15 at 11:06
  • I was thinking they'd be taking advantage of the use of CLR property accessors to secure the text, but just tried some little example and the Password property returns the plain text unencrypted, so... No advantage there. I'm clueless now, to be honest. – almulo Jun 04 '15 at 12:36
  • @almulo Have you tried using [SecurePassword](https://msdn.microsoft.com/en-us/library/system.windows.controls.passwordbox.securepassword.aspx)? – Nemanja Banda Jun 04 '15 at 13:07
  • @noxbyte Yes, but I mean that the Password property exposes the password in plain text anyway, no matter if you make a Binding to it or not, which makes it not exactly secure. The only thing a Binding could make worse is making the property stay in memory for a longer time... – almulo Jun 04 '15 at 13:36
  • If I wrote an attached property so that I can use bindings, I am assuming that that would leave it in unencrypted space for longer than using .Password or .SecurePassword. Or is that a safe way to get it to work in an MVVM model? I don't know much about attached properties, so forgive me if I have just said something daft. – Keithin8a Jun 04 '15 at 14:19
  • @almulo PasswordBox stores the password value internally as SecureString. – Nemanja Banda Jun 04 '15 at 14:32
  • @Keithin8a If you are not concerned that much about security in this case, nothing is stopping you from using binding anyway. But the best way would be to use SecurePassword to get the value, do what you need to do with it quickly and not keep it in memory longer than needed. – Nemanja Banda Jun 04 '15 at 14:32
  • The difficulty is with MVVM really, isn't it? I don't know why they haven't made it more flexible. I read that Java passes passwords about as char arrays to make it more secure; I wonder why something like that wasn't used. Anyway, I have found something else in the application which uses a custom password box, so I guess if it was good enough for there it will be good enough for me. – Keithin8a Jun 04 '15 at 14:42

2 Answers


The reason you are asking for is that you should never have plain text passwords in memory. Having a Dependency Property for Password exposed would require the framework to keep the password unencrypted in memory until it gets garbage collected, which is considered a security problem.

Nemanja Banda
  • So when you are calling passwordBoxName.password, is the framework not then putting it into unencrypted memory? – Keithin8a Jun 04 '15 at 10:41
  • Security risks always exist, but when using the property directly, at least it would exist in memory for a much shorter period of time compared to an exposed DP. And you should also be using SecureString. – Nemanja Banda Jun 04 '15 at 10:45

Using tools like WPF Inspector or Snoop you can spy on the password string. So it is insecure to bind the password.

Dinesh balan
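
The approach suggested in the comments and the first answer (pass the `PasswordBox` through `CommandParameter`, read `SecurePassword`, and keep plaintext only briefly), as an added example that is not code from any poster in this thread. `LoginCommand`, the `verify` delegate, the salt and the `PwdBox` element name are hypothetical; the `Rfc2898DeriveBytes` overload used assumes .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Text;
using System.Windows.Controls;
using System.Windows.Input;
// XAML side (assumed element name PwdBox):
// <Button Command="{Binding Login}" CommandParameter="{Binding ElementName=PwdBox}" />
public sealed class LoginCommand : ICommand
{
    private readonly byte[] _salt;                // per-user salt, at least 8 bytes
    private readonly Func<byte[], bool> _verify;  // hypothetical check of the derived key
    public LoginCommand(byte[] salt, Func<byte[], bool> verify) { _salt = salt; _verify = verify; }
    public event EventHandler CanExecuteChanged { add { } remove { } }
    public bool CanExecute(object parameter) => parameter is PasswordBox;
    public void Execute(object parameter)
    {
        var box = (PasswordBox)parameter;
        // SecurePassword hands back a copy of the control's SecureString; dispose it promptly.
        using (SecureString secure = box.SecurePassword)
        {
            byte[] key = DeriveKey(secure, _salt);
            try { _verify(key); }
            finally { Array.Clear(key, 0, key.Length); }
        }
        box.Clear(); // drop the control's own copy once the attempt is done
    }
    private static byte[] DeriveKey(SecureString secure, byte[] salt)
    {
        var chars = new char[secure.Length];
        byte[] utf8 = null;
        IntPtr ptr = IntPtr.Zero;
        try
        {
            ptr = Marshal.SecureStringToGlobalAllocUnicode(secure); // plaintext in unmanaged memory
            Marshal.Copy(ptr, chars, 0, chars.Length);
            utf8 = Encoding.UTF8.GetBytes(chars);
            using (var kdf = new Rfc2898DeriveBytes(utf8, salt, 100000, HashAlgorithmName.SHA256))
                return kdf.GetBytes(32);
        }
        finally
        {
            if (ptr != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(ptr); // zero, then free
            Array.Clear(chars, 0, chars.Length);
            if (utf8 != null) Array.Clear(utf8, 0, utf8.Length);
        }
    }
}
```

The `char[]` and `byte[]` buffers are ordinary managed arrays, so the garbage collector may relocate them before they are cleared; this shortens the plaintext's lifetime rather than eliminating it.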