Friday, April 8, 2016

SecureString

In .NET this is a type which is a mutable string of sorts. It has a fixed size so that it doesn't have to sit on the heap. It's basically a character array. You can put stuff in and out of SecureString until setting it to be read only. The whole reason for this thing is to store in strings stuff you want to explicitly destroy quickly without either forcing garbage collection or waiting for garbage collection. Why would you care? There are some wacky memory attacks that try to fish out data from not-cleaned-up memory.

No comments:

Post a Comment