
I have just a general question: I don't quite understand when I have to use a SecureString and when it is OK to use a normal string.

For example, let's say I want to use PrincipalContext in my application.

PrincipalContext has multiple constructors, a few of which accept a password as a string:

PrincipalContext(ContextType type, String name, String username, String password)

Would it cause a security problem if I pass a password as a string in this constructor? Would the password be visible in plain text anywhere? Could a hacker theoretically read this password?

Would there be a way to use a SecureString instead?

I am new to the security part of programming, so I would really appreciate it if someone could help me understand this.

Thank you!

calgara12
  • It depends on what the "hacker" has access to. – SᴇM Jul 25 '19 at 09:52
  • @SᴇM What would he need access to that it would become a problem? – calgara12 Jul 25 '19 at 09:59
  • 1
    For example access to memory (or its snapshots). `SecureString` instead allocates a block of unmanaged memory that contains an array of characters. – SᴇM Jul 25 '19 at 10:09
  • Take a look at this post: [Is SecureString ever practical in a C# application?](https://stackoverflow.com/questions/26190938/is-securestring-ever-practical-in-a-c-sharp-application) – SᴇM Jul 25 '19 at 10:13
  • If a hacker can get a memory dump somehow, then a plain string is too visible. @SeM, `SecureString` also encrypts the data (by calling [ProtectMemory](https://referencesource.microsoft.com/#mscorlib/system/security/securestring.cs,f60a61313d134bbc,references)), so a memory dump will be pretty useless. – Sinatr Jul 25 '19 at 10:14
  • @Sinatr Yea, I know, I just wanted to warn OP that he needs to deal with unmanaged memory working with `SecureString`. – SᴇM Jul 25 '19 at 10:17
  • But bear in mind that Microsoft recommends **not** using `SecureString` for new code. – SᴇM Jul 25 '19 at 10:25

2 Answers

1

If your environment (GUI, storage, data access objects, ...) supports SecureString, then keep the passwords in a SecureString as long as you can (all the way, if possible). If not, there is no other choice but to use a string.

Using SecureString is an advantage because the app can control the memory containing the password and can clean it up when it is no longer used (a string depends on the garbage collector). On the other hand, it gives an attacker a clue about where to look for interesting information, though with access to the memory already this seems not to be a big thing.

To answer your question: no, it doesn't make your application insecure, but if there is the possibility to keep the password in a SecureString all the way, it should be done.

martinstoeckli
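The pattern the answer above describes (keep the password in a SecureString for as long as possible and only produce a plain string at the last moment) looks like this in C#. This is an added example, not code from the question or from either answer. `ReadPassword` and `WithPlaintext` are names chosen for this example; `PrincipalContext` itself is only mentioned in a comment, because it has no SecureString overload and needs a directory to talk to, so the sample is kept self-contained. Two caveats worth keeping in mind: as the comment thread notes, Microsoft no longer recommends SecureString for new code, and on .NET Core running on Linux or macOS the SecureString contents are not encrypted in memory at all, so the class only buys you a controlled, zeroable buffer there.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

// Added example: keeps the password out of managed strings until the point of use,
// then zeroes the unmanaged copy as soon as the caller is done with it.
static class SecureStringDemo
{
    // Reads a password from the console one keystroke at a time, so no managed
    // string holding the whole password is ever created during input.
    public static SecureString ReadPassword()
    {
        var secure = new SecureString();
        while (true)
        {
            ConsoleKeyInfo key = Console.ReadKey(intercept: true); // nothing is echoed
            if (key.Key == ConsoleKey.Enter) break;
            if (key.Key == ConsoleKey.Backspace)
            {
                if (secure.Length > 0) secure.RemoveAt(secure.Length - 1);
                continue;
            }
            if (key.KeyChar != '\0') secure.AppendChar(key.KeyChar);
        }
        secure.MakeReadOnly(); // any later AppendChar/RemoveAt throws
        return secure;
    }

    // Exposes the plaintext to a callback through an unmanaged buffer and zeroes
    // that buffer afterwards, regardless of whether the callback throws.
    public static T WithPlaintext<T>(SecureString secure, Func<string, T> action)
    {
        IntPtr buffer = IntPtr.Zero;
        try
        {
            buffer = Marshal.SecureStringToGlobalAllocUnicode(secure);
            // PtrToStringUni creates a managed copy: from here until the garbage
            // collector reclaims it, the password sits unencrypted on the GC heap.
            // This is exactly the window the answer says to keep as short as possible.
            string plaintext = Marshal.PtrToStringUni(buffer);
            return action(plaintext);
        }
        finally
        {
            if (buffer != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(buffer);
        }
    }

    static void Main()
    {
        Console.Write("Password: ");
        using (SecureString password = ReadPassword())
        {
            Console.WriteLine();
            // The only place a managed string exists. A call such as
            //   new PrincipalContext(ContextType.Domain, "corp.example", userName, plaintext)
            // would go inside this callback (hypothetical domain name); PrincipalContext
            // takes a string, so the managed copy cannot be avoided, only kept short-lived.
            int length = WithPlaintext(password, plaintext => plaintext.Length);
            Console.WriteLine($"Password length: {length}");
        } // Dispose() zeroes and frees the block the SecureString owns
    }
}
```

The design choice here is that `WithPlaintext` never returns the plaintext itself, only whatever the callback computes from it, which makes it harder for a caller to accidentally keep the decrypted password alive in a field or a closure. Note that the managed string produced by `PtrToStringUni` is immutable and cannot be wiped from this code; the `finally` block only guarantees the unmanaged copy is zeroed.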
-1

Strings are immutable and can be accessed when some other process dumps memory before the garbage collector handles them.

Reference link.

Naveen Kumar V