Eavesdrop on call stack - peeking at variable values in a running process using the VS.NET IDE

From: Joubert (com.pwc.za_at_nel.joubert)
Date: 05/29/03


Date: Thu, 29 May 2003 13:41:52 +0200


Hi,

Background:
I'm trying to see whether, during runtime, the values of my application's variables are accessible to an outsider.

Steps:
1) Compile application for a Release Build.
2) Run it from Explorer.
3) Using the VS.NET IDE, I attach to the running process
4) I then Pause the process
5) Paging through the call stack I come across:

Source code:
In my code, I've overloaded the Show method with some string arguments (as above). The values of username and password are passed in encrypted form. However, at some point I call encryption/decryption methods to deal with the strings (the encryption/decryption methods reside in a different assembly).

Query:
When I pass the cleartext strings around inside my application, can they be lifted by an eavesdropper? I have already confirmed with the above that one entry point is when one passes the variables between form methods. What about when calling methods across assembly borders?

Cheers
Joubert.




callstack.jpg