如何安全使用SecureString? [英] How do I use SecureString securely?
问题描述
我看到的所有示例最终都在使用SecureString之前将其转换为标准字符串,从而破坏了对象.没有此问题的使用安全字符串的好方法是什么?
All of the examples I have seen end up converting a SecureString back to a standard string before using it, defeating the object. What's a good way of using a secure string without this problem?
我知道我可以将SecureString编组为BSTR,但是该BSTR怎么办?我可以一次找回一个角色吗?如果可以,怎么办?
I know I can marshall the SecureString to a BSTR but what can I do with this BSTR? Can I get the characters back one at a time? If so, how?
推荐答案
此链接包含许多有用的信息,包括如何获取将字符串传递给本机代码的非托管内存块(大概也是安全的),使用它的BCL类,并链接到几个示例:
This link includes a lot of helpful information, including how to get an unmanaged memory block for passing the string to native code (that is presumably also secure), a BCL class that uses it, and links to a couple examples:
http://bartdesmet.net/blogs/bart/archive/2006/03/31/3851.aspx
最主要的是它还没有真正使用过,但是您可以自由地创建依赖它的自己的库.
The main thing is that it's not really used that much yet, but you are free to make your own libraries that rely on it.
这篇关于如何安全使用SecureString?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
