Thursday, March 01, 2001 ..:: Home ::.. Register  Login
   TechTidBits (Blog)  

Too many secrets!

Oct 30

Written by:
Friday, October 30, 2009 1:36 PM  RssIcon

Secrets in C#?  Ya!  Right, there aren't too many of those!  So how DO you keep strings from being publically exposed to anyone watching?  Read on to find out!

Too many secrets

How do YOU keep track of your passwords in your web apps?  Let me guess, you use a string object right?!  Let me do my famous Amazing Kreskin imitation........when you're debugging your apps, you sometimes snoop in on those strings?  hhhmmm I thought passwords were supposed to be kept secret, no?  THEN why are they so wide out in the open and openly accessible?  WTF?

If you're wondering the samething I am, then here's a little known class that could help you out, SecureString.  This class is part of the System.Security namespace and has some differences compared to the string/String class.

Comment String SecureString
contains a string y y
contents cleartext y n
immutable y n
.ToString() gives you back the string you want/expect? y n
CLR can move the string in memory as it sees fit? y n
.Equal works? y n
COM visible y n
easily accessible (prying eyes are free to poke around?) y n
CLR can make multiple copies as it sees fit? y n
If dumped to minidump, is string readable y n

All this to say, if you have a string containing valuable information, chances are you don't want prying eyes (or fast fingers) poking around with it, and that includes the CLR and GC!  Now, the SecureString class lets you encrypt a string quite easily as shown here.

      string password = "GoHabsGo!";

      SecureString securePassword = new SecureString();
      foreach( char c in password )
        securePassword.AppendChar( c );

Getting it out is a bit more difficult, as you can or should expect.  Hey, it's encrypted, you can't expect to just do a .ToString() on it right?  To retrieve the string in useful form, you use the following.

      IntPtr stringPointer = Marshal.SecureStringToBSTR( securePassword );
      string decryptedPassword = Marshal.PtrToStringBSTR( stringPointer );
      Marshal.ZeroFreeBSTR( stringPointer );

The thing that gets me is, we're using Managed code to go OUT to Unmanaged code (via pointers) which I thought was inherently less secure than Managed code.  That part confuses me a bit, I would love some of the more knowledgable devs to comment about this please?!

Oh, one last thing, the more observant of you will notice one small hiccup with the above code in the first example.  You spot it yet?  hhhmmm let be string you along........see it now?  First line.........We're using a string as the basis for all this stuff and our whole premise was strings are unsecure, then what are you doing........hey, go easy on me's all just for demo purposes to illustrate the getting someting INTO the SecureString and OUT OF again. 

Now you know why and how to use the SecureString class, go out and refactor all your Password strings.  Ok, ok, so you'll probably do it as the time comes and you're in those modules, that's cool.  Either way, now it's time to get a coffee and get coding!



BONUS:  Did you catch this blogs title reference?  Here's the answer, Sneakers.  One of my favourite movies.



Visual C# Kicks: C# SecureString

MSDN: SecureString

Location: Blogs Parent Separator TechTidBits

Your name:
Gravatar Preview
Your email:
(Optional) Email used only to show Gravatar.
Your website:
Add Comment   Cancel 
Copyright 1999-2012 by   Terms Of Use  Privacy Statement