从内存中清除C#字符串 [英] Clear C# String from memory

问题描述

出于安全原因，我正在尝试清除C#字符串的内存内容. 我知道SecureString类，但是不幸的是，我无法在应用程序中使用SecureString而不是String.需要清除的字符串是在运行时动态创建的(例如，我不尝试清除字符串文字).

I'm trying to clear the memory contents of a C# string for security reasons. I'm aware of the SecureString class, but unfortunately I cannot use SecureString instead of String in my application. The strings which need to be cleared are created dynamically at runtime (e.g. I'm not trying to clear string literals).

我发现的大多数搜索结果基本上都指出，清除String的内容是不可能的(因为字符串是不可变的)，应该使用SecureString.

Most search result I found basically stated that clearing the contents of a String is not possible (as string are immutable) and SecureString should be used.

因此，我确实在下面提出了自己的解决方案(使用不安全的代码).测试表明该解决方案有效，但是我仍然不确定该解决方案是否有问题?有更好的吗?

Therefore, I did come up with my own solution (using unsafe code) below. Testing shows that the solutions works, but I'm still not sure if there is anything wrong with the solution? Are there better ones?

static unsafe bool clearString(string s, bool clearInternedString=false) 
{
    if (clearInternedString || string.IsInterned(s) == null)
    {
        fixed (char* c = s)
        {
            for (int i = 0; i < s.Length; i++)
                c[i] = '\0';
        }
        return true;
    }
    return false;
}

编辑:由于GC上的注释在调用clearString之前将字符串移到了周围，所以以下代码段呢?

Due to the comments on the GC moving the string around before clearString gets called: what about the following snippet?

string s = new string('\0', len);
fixed (char* c = s)
{
    // copy data from secure location to s
    c[0] = ...;
    c[1] = ...;
    ...

    // do stuff with the string

    // clear the string
    for (int i = 0; i < s.Length; i++)
        c[i] = '\0';
}

推荐答案

您的问题是字符串可以移动.如果GC运行，它可以将内容移动到新位置，但不会将旧内容归零.如果您将相关字符串归零，则不能保证该字符串的副本在内存中的其他位置不存在.

Your problem with this is that strings can move. If the GC runs, it can move the contents to a new location, but it won't zero out the old one. If you did zero out the string in question, you have no guarantee that a copy of it doesn't exist elsewhere in memory.

这是链接到.NET垃圾收集器，它讨论了压缩.

Here is a link to the .NET Garbage Collector, and it talks about compacting.

这是您的更新问题:

// do stuff with the string

问题在于，一旦它离开您的控件，您将失去确保其安全性的能力.如果它完全在您的控制范围内，那么您就不必只使用字符串类型.简而言之，这个问题已经存在了很长时间，并且没有人提出一种安全的方法来解决这个问题.如果要确保其安全，最好通过其他方式进行处理.清除字符串是为了防止某人能够通过内存转储找到它.如果不能使用安全字符串，阻止此错误的最佳方法是限制对运行代码的计算机的访问权限.

The problem is that once it leaves your control, you lose the ability to make sure that it's secure. If it was entirely in your control, then you wouldn't have the limitation of only using a string type. Simply put, this issue has been around for a long time, and no one has come up with a secure way of handling this. If you want to keep it secure, it's best handled through other means. Clearing out the string is meant to prevent someone from being able to find it through a memory dump. The best way to stop this if you can't use secure string is limit access to the machine the code is running on.

这篇关于从内存中清除C#字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！