![]() ![]() My code is very simple, basically I have a Command for my Button. When I had the PasswordBox as a TextBox and Binding Path=Password then the property in my LoginViewModel was updated. I used the code above as stated and entered this Username is fine and is working as it's a TextBox. I basically have properties in my LoginViewModel for Username and Password. It technically looks great, but I am unsure of how to retrieve the password. I found some interesting code here (has anyone used this or something similar?) It seems it's a security risk but I am using the MVVM pattern so I wish to bypass this. That said, you can still follow some reasonable guidelines when using PasswordBox and SecureStrings in general.Īlways dispose result of PasswordBox.SecurePassword if you ever need to access it: using (var pwd = myBox.I have come across a problem with binding to a PasswordBox. If your application is so compromised that attacker can inject his own dll into your process and run arbitrary code there - then you have bigger problems anyway (and still there is high chance that password will not be present in memory already). SecureString is encrypted (if possible, and usually it is), so if someone can just read raw memory (such as someone stealing your memory dump) - he will not be able to read your password from it. You can read more about SecureString in documentation. The whole point of using SecureString is to reduce amount of time sensetive data is present in memory, and reduce number of copies of that sensetive data. NET string from SecurePassword property, it does not store it as string internally. What might I be missing in this puzzle? How is the PasswordBox even secure if it contains a Password property in clear text? ![]() Net memory manager/garbage collector, it would seem plausible to me that all they'd have to do is access the PasswordBox control object, rather than a string object in memory and simply access the Password property. However, if the problem is that some application might be sniffing your variables in the. ![]() I will admit, I have no clue how these exploits are executed. Net memory, could the same snooping malicious codes simply look for a PasswordBox that is hanging around in memory and find some way to access the Password field, making the use of the SecureString value essentially useless? However, since the point of the secured form of the string is to keep the value secure from a snooping process (I assume) that can read the. I would like to assume that if I never access the Password property within my application, an insecure version of my sensitive information will never be generated and have to be garbage collected. However, there is one major flaw that I see with this control- it has a Password property which is the user-entered content in an insecure. For the sake of security, it provides a SecureString object through the SecurePassword property which is, in my case, secure enough for my needs. Out of the box, the WPF PasswordBox is the go to control for getting passwords, or other sensitive information. I've already asked a couple of questions around the PasswordBox recently, but at the heart of my issue, I need an extremely secure way of getting very sensitive information inputted into my.
0 Comments
Leave a Reply. |