Re: I want to clear "immutable" string contents!

From: Ivan Medvedev [MS] (ivanmed_at_online.microsoft.com)
Date: 08/19/03

Next message: Michel Gallant: "Re: I want to clear "immutable" string contents!"

Previous message: Michel Gallant: "Re: Symmetric Encryption/Decryption: Failure with bad key"
In reply to: cppdev: "I want to clear "immutable" string contents!"
Next in thread: Michel Gallant: "Re: I want to clear "immutable" string contents!"
Reply: Michel Gallant: "Re: I want to clear "immutable" string contents!"
Reply: cppdev: "Re: I want to clear "immutable" string contents!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 19 Aug 2003 13:44:51 -0700

cppdev -
'string pass' is not pinned, so if garbage collection happens between
ReadLine and 'fixed(void* pv' there is a chance that copies of the string
will be on the heap (because GC can move objects around). Also, there is no
guarantee that ReadLine didn't make copies of the string under the hood.
Unfortunately there is currently no way to reliably clean strings.
--Ivan
This posting is provided "AS IS" with no warranties, and confers no rights.

"cppdev" <cppdev9@yahoo.com> wrote in message
news:fcce1cba.0308191100.38a0c2fa@posting.google.com...
> Hi All!
>
> I want to clear the string contents from sensitive information
> such as passwords.
>
> It's always the case that password will appear as string at some point
> or another. And i feel uneasy leaving it hanging in memory indefinitely
> (especially in case when string is Interned).
>
> So at least for the case when string is not interned can we do:
>
> string pass = Console.ReadLine();
> if (string.IsInterned(pass) == null)
> {
> unsafe
> {
> fixed(void* pv = pass)
> {
> char* pb = (char*)pv;
> for(int i =0; i < pass.Length; ++i)
> pb[i] = '0';
> }
> }
> }
> Console.WriteLine(pass);
>
> Note: explicit RuntimeHelpers.OffsetToStringData is not needed.
>
> What do you all think about this? It does appear to work!

Next message: Michel Gallant: "Re: I want to clear "immutable" string contents!"

Previous message: Michel Gallant: "Re: Symmetric Encryption/Decryption: Failure with bad key"
In reply to: cppdev: "I want to clear "immutable" string contents!"
Next in thread: Michel Gallant: "Re: I want to clear "immutable" string contents!"
Reply: Michel Gallant: "Re: I want to clear "immutable" string contents!"
Reply: cppdev: "Re: I want to clear "immutable" string contents!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Whats the correct interpretation of readline?
... string readline pop print ( ... Xpost Version x2vG ... reads a line of characters (terminated by newline character) from file ...
(comp.lang.postscript)
Re: StreamReader.ReadLine()
... Readline() to form your string? ... I have a string whose name is riga, ... StringBuilder query = new StringBuilder("INSERT INTO ...
(microsoft.public.dotnet.languages.csharp)
Re: Best way to edit text file through a form?
... into a label or text box using TextStream ReadLine. ... be to return the text of the selection into a string, then ReadLine ...
(microsoft.public.vb.general.discussion)
Ruby Readline Maintainer
... Does anyone know who maintains the Ruby Readline extension? ... It's possible to specify a proc that, given the current string a user ... the proc parses through an array of command ...
(comp.lang.ruby)
Re: FileReader / BufferedReader Help
... have to use read instead of readLine as Roedy suggested. ... Then use String. ... text files under my personal control, I use the Unix convention, a ...
(comp.lang.java.help)