Re: Destroy a string
- From: rossum <rossum48@xxxxxxxxxxxx>
- Date: Thu, 04 Jan 2007 00:14:40 +0000
On Wed, 3 Jan 2007 16:13:58 -0600, "Ben Voigt" <rbv@xxxxxxxxxxxxx>
wrote:
There may also be a copy on disk in swapspace, on automatic backups
"rossum" <rossum48@xxxxxxxxxxxx> wrote in message
news:c49op25un1a4lho1isikia8nvuueog06co@xxxxxxxxxx
On 3 Jan 2007 06:11:00 -0800, "Mark C" <MarkJohnCrosbie@xxxxxxxxx>
wrote:
I know a string is immutable, but is there any trick or any other wayNot so much destroy the string as overwrite it:
to destroy a string
Thanks
www.quiznetonline.com
/// <summary>
/// Overwrites a string in-situ. Useful for removing
/// evidence of keys, passwords etc.
/// </summary>
/// <param name="text">The string to overwrite.</param>
public static unsafe void OverwriteString(string text) {
const char overwriteChar = 'X';
fixed (char* cp = text) {
for (int i = 0; i < text.Length; ++i) {
cp[i] = overwriteChar;
} // end for
} // end fixed
} // end OverwriteString()
The string is still on the heap, but the sensitive information it
contained is no longer there.
The current location of the buffer is wiped, but if the string survived a
generation, the garbage collector has made copies :(
and written on a post-it under the keyboard. It is not possible to be
completely secure, all that is possible is to make the attacker's job
more difficult.
rossum
.
- Follow-Ups:
- Re: Destroy a string
- From: Willy Denoyette [MVP]
- Re: Destroy a string
- References:
- Destroy a string
- From: Mark C
- Re: Destroy a string
- From: rossum
- Re: Destroy a string
- From: Ben Voigt
- Destroy a string
- Prev by Date: dll get's added to my cache area "automatic"
- Next by Date: Re: difference between private static and public static.
- Previous by thread: Re: Destroy a string
- Next by thread: Re: Destroy a string
- Index(es):
Relevant Pages
|
