Re: I want to clear "immutable" string contents!
From: Ivan Medvedev [MS] (ivanmed_at_online.microsoft.com)
Date: Tue, 19 Aug 2003 13:44:51 -0700
'string pass' is not pinned, so if garbage collection happens between
ReadLine and 'fixed(void* pv' there is a chance that copies of the string
will be on the heap (because GC can move objects around). Also, there is no
guarantee that ReadLine didn't make copies of the string under the hood.
Unfortunately there is currently no way to reliably clean strings.
This posting is provided "AS IS" with no warranties, and confers no rights.
"cppdev" <email@example.com> wrote in message
> Hi All!
> I want to clear the string contents from sensitive information
> such as passwords.
> It's always the case that a password will appear as a string at some point
> or another. And I feel uneasy leaving it hanging in memory indefinitely
> (especially in the case when the string is interned).
> So at least for the case when string is not interned can we do:
> // Needs an unsafe context (compile with /unsafe).
> string pass = Console.ReadLine();
> if (string.IsInterned(pass) == null)
> {
>     fixed (void* pv = pass)
>     {
>         char* pb = (char*)pv;
>         for (int i = 0; i < pass.Length; ++i)
>             pb[i] = '0';
>     }
> }
> Note: explicit RuntimeHelpers.OffsetToStringData is not needed.
> What do you all think about this? It does appear to work!
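
Following the point in the reply that an unpinned string can be copied by the GC before it is cleared, here is an added example (not code from the thread) that avoids creating a string at all: it reads key by key into a char[] that is pinned before any secret is written, then zeroes it. The class name, MaxLength and the placeholder use of the password are assumptions.

```csharp
using System;
using System.Runtime.InteropServices;

// Added example, not code from the thread. Names and MaxLength are assumptions.
static class PinnedPasswordDemo
{
    const int MaxLength = 128; // assumed upper bound for this example

    // Reads keys without echo into the caller's buffer; no System.String is created.
    static int ReadPassword(char[] buffer)
    {
        int length = 0;
        while (true)
        {
            ConsoleKeyInfo key = Console.ReadKey(true); // true = do not echo
            if (key.Key == ConsoleKey.Enter) break;
            if (key.Key == ConsoleKey.Backspace)
            {
                if (length > 0) buffer[--length] = '\0'; // erase the removed char too
                continue;
            }
            if (key.KeyChar != '\0' && length < buffer.Length)
                buffer[length++] = key.KeyChar;
        }
        return length;
    }

    static void Main()
    {
        char[] buffer = new char[MaxLength];
        // Pin before the first secret char is stored, so the GC cannot relocate
        // the array and leave a stale copy elsewhere on the heap.
        GCHandle pin = GCHandle.Alloc(buffer, GCHandleType.Pinned);
        try
        {
            Console.Write("Password: ");
            int length = ReadPassword(buffer);
            Console.WriteLine();
            Console.WriteLine("Read {0} characters.", length); // placeholder use
        }
        finally
        {
            Array.Clear(buffer, 0, buffer.Length); // zero the single pinned copy
            pin.Free();
        }
    }
}
```

This covers only the managed buffer: key events still pass through the console's own input buffers, and any API that later needs the password as a string reintroduces the problem discussed above.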