|
If you want to be secure, you can never store the password as a plain string. You'll need to read in the password character-by-character, decrypting each character. Once you've done this, you can clear out the contents of your character array.
The reason this is more secure is that strings, once created, cannot be cleared (since they are immutable). The .NET GC can even move strings around in memory, thus leaving your password in multiple places in memory. Thus, there's a good chance someone inspecting your process's memory or the page file could discover your password. If you read your password in as a character array, you can construct a SecureString from it, after which you should immediately clear your character array. This makes it extremely difficult for someone to discover your password as the window of opportunity to intercept your password is very low. Here's[^] an excellent article on the purpose and uses of SecureString.
Optionally, you could read the password in as a string, then use unsafe code to clear the string in-place. I don't recommend doing this, but if you're up to it, here's an article[^] that will get you started in the right direction.
Tech, life, family, faith: Give me a visit.
I'm currently blogging about: Messianic Instrumentals (with audio)
The apostle Paul, modernly speaking: Epistles of Paul
Judah Himango
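The pattern described in the post above, as an added C# example that is not part of the original post: the characters go into a pinned char array, are copied into a SecureString, and the array is wiped in a finally block. Reading from the console and the names PasswordHandling, ReadPassword and UsePlaintext are assumptions made for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class PasswordHandling
{
    // Reads a password one key at a time; it never exists as a System.String.
    public static SecureString ReadPassword(int maxLength)
    {
        char[] buffer = new char[maxLength];
        // Pin before any secret is written so the GC cannot relocate the
        // array and leave a stale copy of the characters behind.
        GCHandle pin = GCHandle.Alloc(buffer, GCHandleType.Pinned);
        try
        {
            int length = 0;
            while (length < buffer.Length)
            {
                ConsoleKeyInfo key = Console.ReadKey(true); // true = no echo
                if (key.Key == ConsoleKey.Enter) break;
                buffer[length++] = key.KeyChar;
            }
            SecureString secure = new SecureString();
            for (int i = 0; i < length; i++)
                secure.AppendChar(buffer[i]);
            secure.MakeReadOnly();
            return secure;
        }
        finally
        {
            Array.Clear(buffer, 0, buffer.Length); // wipe even if an exception is thrown
            pin.Free();
        }
    }

    // Exposes the plaintext only through unmanaged memory that is zeroed afterwards.
    public static void UsePlaintext(SecureString secure, Action<IntPtr, int> consumer)
    {
        IntPtr bstr = Marshal.SecureStringToBSTR(secure);
        try { consumer(bstr, secure.Length); }
        finally { Marshal.ZeroFreeBSTR(bstr); }
    }

    static void Main()
    {
        using (SecureString secure = ReadPassword(200))
            UsePlaintext(secure, (ptr, len) => Console.WriteLine("Received {0} characters.", len));
    }
}
```

On .NET Core and later, SecureString contents are only encrypted in memory on Windows, so the wipe-after-use discipline shown here carries most of the benefit on other platforms.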
|
|
|
|
|
I should also mention that you could remove any heap allocations by creating a character array allocated on the stack. You can do this using unsafe code and the stackalloc C# keyword.
char* password = stackalloc char[200];
...
SecureString securePassword = new SecureString(password, passwordLength);
The above has the added benefit of the password never touching the heap, which makes it even more difficult to intercept.
Judah Himango
|
|
|
|
|
This is much better code than the one I've made...
Thanks!
I'm on a Fuzzy State: Between 0 and 1
|
|
|
|
|
Hi;
Does anyone know how to programmatically let a combobox display its dropdown portion?
The reason is that the application fills up the combobox programmatically when the user clicks on it. But once it is populated it will automatically choose the first item and close the dropdown. So I want to force it to stay open.
Thanx
|
|
|
|
|
this.comboBox1.DroppedDown = true;
|
|
|
|
|
Hi guys,
Our application takes some time to load.
I already tried some tricks like the suspend layout when loading combo boxes and only loading them when necessary etc. but it's still slow. Especially the first time. (because of JIT compiler)
A while ago there was a link here on CP to some article on the web that enables you to leave the JIT compilation, but I can't find it anymore. If somebody could point me out to that one, that would be great.
Any tricks you know to speed up the application is helpful, but we don't want too many code changes.
Thanks for your help!
I've found a living worth working for, but I haven't found work worth living for.
|
|
|
|
|
Make a form that prints 'loading...' and show it before your application runs
|
|
|
|
|
|
I recommend precompiling the application using NGen. This creates a native image of the application, this makes the application start a little faster and run a little faster.
Quick question: How many controls do you use on the form and is the form databound to a lot of datasources? Having a lot of controls on a form makes the application slower, especially when layering them using groupboxes and panels.
Also loading from a database the first time (and often after that too) makes the application slow. You can fake the user by loading the data using async methods. This makes the application more responsive.
There could be more tricks, but this is what I know at the moment.
WM.
What about weapons of mass-construction?
|
|
|
|
|
WillemM wrote: I recommend precompiling the application using NGen
That was the thing I lost. Thank you so much.
We don't have that many controls, but a lot of data is in them. The entire logic seems simple at the outside, but is very complex at the inside. That's why we lose so much time. Furthermore, on my laptop, speed is acceptable, but the client works on old(er) machines.
Thanks for your help!!
|
|
|
|
|
Can I ask you a little question: I've found this article -> Ngen[^].
As I understand correctly it doesn't change anything in your exe, it just has a compiled 'image' in a service. This would mean I need to use ngen again if I install on another CPU. Here's my problem: The NGen tool comes with VS2005 and on the client machine we only have the framework installed.
So what did I miss?
Again, tnx for your help!
|
|
|
|
|
NGen is part of the .NET Framework, not Visual Studio. For 1.1, you'll find it in C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322.
Dave Kreskowiak
Microsoft MVP - Visual Basic
|
|
|
|
|
|
I also have a question about precompilation. Don't we need to precompile on different hardware configurations? A best precompiled image of an assembly may not even be good on your hardware?
Am I right? Or please give me some more info.
Best regards,
Rizwan Ahmed
|
|
|
|
|
NGen generates binaries that are VERY processor specific. If you use NGen on a Pentium IV, the code won't work on a Pentium III.
NGen is best used during application installation. After the app is installed, you can have a Custom Action precompile any/all of your assemblies so as to reduce the startup time as much as possible.
Dave Kreskowiak
Microsoft MVP - Visual Basic
|
|
|
|
|
This is exactly what I was thinking of. Can you point to any article that uses a custom action? Do I have to make a separate application for precompiling it using System.Diagnostics.Process.Start()?
Best Regards,
Rizwan
|
|
|
|
|
This[^] is all I know of. And no, you don't have to write a separate application to do this. You can include the code in the custom action.
Dave Kreskowiak
Microsoft MVP - Visual Basic
|
|
|
|
|
Thanks, I'll check it
Regards
|
|
|
|
|
Yup, you need to precompile the application every time it's installed on a different computer.
This is best done during setup. There should be custom actions for it on the internet.
WM.
|
|
|
|
|
Hi, I'm working on a project that has socket connections, but I can't make a TLS negotiation with the server. Does anyone have an idea about that? ...
|
|
|
|
|
|
I have returned your e-mail with answer. Had your original question been as specific as your e-mail to me the answer you wanted would have been provided sooner.
modified 1-Aug-19 21:02pm.
|
|
|
|
|
Hi,
I created a project to teach myself C#/VS2003 and have now found that after a couple of months AND upgrading to VS2005 that I would like to clean it up and get rid of all the mistakes/junk/bad coding that I did during the early days.
What I want to do is create a new project in VS2005, get the basic display right and then copy most of the original code pages into the new project.
I know how to copy across the "old" .cs code files and guess I can then do a replace of the references to the old namespace to integrate these into my new project.
Is this the best way to go about it or is there a better/easier way to do this? Are there any pitfalls/dangers to watch out for?
Comments on your past experiences/suggestions will be most welcome.
Thanks,
Glen Harvy
|
|
|
|
|
Once is enough
only two letters away from being an asset
|
|
|
|
|
Hi,
I created a project to teach myself C#/VS2003 and have now found that after a couple of months AND upgrading to VS2005 that I would like to clean it up and get rid of all the mistakes/junk/bad coding that I did during the early days.
What I want to do is create a new project in VS2005, get the basic display right and then copy most of the original code pages into the new project.
I know how to copy across the "old" .cs code files and guess I can then do a replace of the references to the old namespace to integrate these into my new project.
Is this the best way to go about it or is there a better/easier way to do this? Are there any pitfalls/dangers to watch out for?
Comments on your past experiences/suggestions will be most welcome.
Thanks,
Glen Harvy
|
|
|
|