Re: I want to clear "immutable" string contents!

From: Ivan Medvedev [MS] (ivanmed_at_online.microsoft.com)
Date: 08/19/03

  • Next message: Michel Gallant: "Re: I want to clear "immutable" string contents!"
    Date: Tue, 19 Aug 2003 13:44:51 -0700
    
    

    cppdev -
    'string pass' is not pinned, so if garbage collection happens between
    ReadLine and 'fixed(void* pv' there is a chance that copies of the string
    will be on the heap (because GC can move objects around). Also, there is no
    guarantee that ReadLine didn't make copies of the string under the hood.
    Unfortunately there is currently no way to reliably clean strings.
    --Ivan
    This posting is provided "AS IS" with no warranties, and confers no rights.

    "cppdev" <cppdev9@yahoo.com> wrote in message
    news:fcce1cba.0308191100.38a0c2fa@posting.google.com...
    > Hi All!
    >
    > I want to clear the string contents from sensitive information
    > such as passwords.
    >
    > It's always the case that password will appear as string at some point
    > or another. And i feel uneasy leaving it hanging in memory indefinitely
    > (especially in case when string is Interned).
    >
    > So at least for the case when string is not interned can we do:
    >
    > string pass = Console.ReadLine();
    > if (string.IsInterned(pass) == null)
    > {
    > unsafe
    > {
    > fixed(void* pv = pass)
    > {
    > char* pb = (char*)pv;
    > for(int i =0; i < pass.Length; ++i)
    > pb[i] = '0';
    > }
    > }
    > }
    > Console.WriteLine(pass);
    >
    > Note: explicit RuntimeHelpers.OffsetToStringData is not needed.
    >
    > What do you all think about this? It does appear to work!


  • Next message: Michel Gallant: "Re: I want to clear "immutable" string contents!"