C＃SecureString的问题 [英] C# SecureString Question

问题描述

有没有什么办法让一个SecureString的价值，而不包括安全性？例如，只要你做PtrToStringBSTR低于code中的字符串不再是安全的，因为字符串是不可变和垃圾回收是不确定的字符串。

Is there any way to get the value of a SecureString without comprising security? For example, in the code below as soon as you do PtrToStringBSTR the string is no longer secure because strings are immutable and garbage collection is non-deterministic for strings.

IntPtr ptr = Marshal.SecureStringToBSTR(SecureString object);
string value = Marshal.PtrToStringBSTR(ptr);

如果有一种方式来获得非托管BSTR字符串的一个char []或字节[]？请问这意味着垃圾收集更predictable（因为你会使用一个char []和byte []的，而不是一个字符串？这是假设是正确的，如果是的话，你会如何找回的char []或字节[]？

What if there were a way to get a char[] or byte[] of the unmanaged BSTR string? Would that mean garbage collection is more predictable (since you would be using a char[] or byte[] rather than a string? Is this assumption correct, and if so, how would you get back the char[] or byte[]?

推荐答案

这应该可以帮助你：<一href="http://web.archive.org/web/20090928112609/http://dotnet.org.za/markn/archive/2008/10/04/handling-passwords.aspx"相对=nofollow>封送SecureString的密码字符串

从文章的要点是：

• 固定字符串在内存中。
• 使用管理指针变异的System.String。
• 使用执行codeWithGuaranteedCleanup方法的有力保证。

• Pin the string in memory.
• Use managed pointers to mutate the System.String.
• Use the strong guarantees of the ExecuteCodeWithGuaranteedCleanup method.

这篇关于C＃SecureString的问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！