有没有在ASP.NET中使用SecureString的任何好处？ [英] Is there any benefit to using SecureString in ASP.NET?

问题描述

如果我理解正确的话，这是保持纯文本的内存不足，从而使应用程序反对分页到磁盘上的内存奥义攻击，垃圾堆，或存储安全。该SecureString的被送到非托管字节，而在在时间消耗1非托管字节 - 然后字符串从内存中清除。 （纠正我，如果我的路要走！）

If I understand correctly, this is for keeping plain text out of memory, so that the app is secure against esoteric attacks on memory, the garbage heap, or memory paged to disk. The SecureString is fed unmanaged bytes and consumed one unmanaged byte at at time--then the string is erased from memory. (Correct me if I way off!)

在ASP.NET中，秘密在网络表格，这回发在HTTPS收集。但随后Request对象从原来的形式要求所有的值到名称值对，并将它们集合中，例如请求[TxtPassword]​​ - 所以即使之前，我可以得到字符串，它已经被不安全写入存储器。更糟的是，如果我使用的是控制，那么不安全的重新presentation将有更多的管理字符串文本框的属性。

In ASP.NET, the secret is collected in a webform, which post back in HTTPS. But then the Request object turns all the request values from the form into name value pairs and puts them in a collection, e.g. Request["TxtPassword"]-- so even before I can get the string, it's already been written insecurely to memory. Worse, if I was using a control, then the unsecure representation will have more managed strings in the property of the TextBox.

要与此SecureString的我需要接受非托管的字符串的API做任何事情 - 这样看来，我不能使用安全字符串存储的过程参数或其他东西。

To do anything with this SecureString I need an API that takes unmanaged strings--so it seems I can't use the secure string for a stored proc parameter or much else.

我这样做不对或者是傻瓜的差事尝试使用SecureString的，而不是泄漏不安全的字符串拷贝到托管内存？

Am I doing this wrong or is it a fool's errand to try to use SecureString and not leak copies of the unsecured string into managed memory?

切换到OAuth或Windows身份验证是不是一种选择。

Switching to OAuth or Windows auth isn't an option.

推荐答案

当你正确地推断出，和其他人已经提到，这是毫无道理用的 SecureString的来存储来自一个ASP.NET表单的安全敏感的数据，因为该数据已经是纯文本present在内存中。

As you correctly deduced, and others already mentioned, it makes little sense to use SecureString to store security-sensitive data that comes from an ASP.NET form, because that data is already present in memory in plain text.

有其他方案，然而，在使用 SecureString的建议，因为敏感数据由程序本身创建，它完成后不应该保留在内存中与它一起工作。例如，创建SharePoint网站编程，或者从一个系统转移的身份验证凭据到另一个。

There are other scenarios, however, where the use of SecureString is recommended, because the sensitive data is created by the program itself and should not remain in memory after it's done working with it. For instance, creating a SharePoint site programmatically, or transferring authentication credentials from one system to another.

回到过去的好时光，这是比较容易保证敏感数据的生命周期是越短越好。它可以在栈上分配，并作为程序是用它做尽快清除：​​

Back in the good old days, it was easier to ensure that the lifetime of sensitive data was as short as possible. It could be allocated on the stack and cleared as soon as the program was done using it:

char secret[512];
generate_secret(secret, sizeof(secret));
do_something_with(secret);
memset(secret, 0, sizeof(secret));
// Secret data is now gone.

这样的方法是不可能的管理的字符串，但是，这主要是因为：

Such an approach is not possible with managed strings, though, mainly because:

• 他们不是在栈上分配的，


• 他们是不变的，所以它们不能被清除，


• 他们不是一次性的，所以没有什么时候，GC将释放数据的时间保证。它甚至可能永远不会被释放，取决于内存的条件。

SecureString的试图通过可变正在和一次性，它允许一个写来解决这个问题：

SecureString tries to solve that problem by being mutable and disposable, which allows one to write:

using (SecureString secret = new SecureString()) {
    GenerateSecret(secret);
    secret.MakeReadOnly();
    DoSomethingWith(secret);
}
// Secret data is now gone.

这篇关于有没有在ASP.NET中使用SecureString的任何好处？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！