I want to use SecureString to store some confidential data.
But I saw remarks
We don't recommend that you use the SecureString class for new development.
So I would like to know if there are alternatives to SecureString?
Asked
Active
Viewed 949 times
0
-
From the [GitHub page on Secure String](https://github.com/dotnet/platform-compat/blob/master/docs/DE0001.md): "Don't use SecureString for new code. When porting code to .NET Core, consider that the contents of the array are not encrypted in memory. The general approach of dealing with credentials is to avoid them and instead rely on other means to authenticate, such as certificates or Windows authentication." – Jamie Taylor Apr 30 '19 at 12:13
1 Answers
4
Recommendation
Don't use SecureString for new code. When porting code to .NET Core, consider that the contents of the array are not encrypted in memory.
The general approach of dealing with credentials is to avoid them and instead rely on other means to authenticate, such as certificates or Windows authentication.
https://github.com/dotnet/platform-compat/blob/master/docs/DE0001.md
Pang
- 9,564
- 146
- 81
- 122
evilGenius
- 1,041
- 1
- 7
- 16
-
1This doesn't help when credentials are not what is being stored as a secret. – ryanwebjackson Jan 20 '22 at 20:35
-
1@ryanwebjackson - Take a look at [this](https://stackoverflow.com/a/15342230/1016343). It shows some alternatives. – Matt Jan 21 '22 at 07:43