What is SecureString?

Because a String is immutable and cannot be programmatically scheduled for garbage collection once it is no longer needed, it is not possible to predict when it will be deleted from memory. That is a security risk, especially if the string contains sensitive information such as credit card numbers, passwords, etc. This is where SecureString comes in, a new class in .NET 2.0, which ships with Visual Studio 2005. It represents text that should be kept confidential: it is encrypted for privacy while in use and deleted from computer memory when no longer needed.

A SecureString is similar to a String in that it has a text value, but the value of a SecureString instance is automatically encrypted, can be modified until your application marks it as read-only, and, when no longer needed, can be deleted from computer memory by either your code or the GC. The value is encrypted automatically when the instance is initialised and again whenever the value is modified. Your code can make the instance immutable and prevent further modification by invoking the MakeReadOnly method.

Note: SecureString has no members that inspect, compare, or convert the value of a SecureString. The absence of such members helps protect the value of the instance from accidental or malicious exposure.
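The life cycle described above, as an added C# example that is not from the original post: the value is built character by character, locked with MakeReadOnly, read only through the System.Runtime.InteropServices.Marshal helpers (since the class itself exposes no accessor), and then disposed. The card number is a constructed sample, and the helper names FromChars and CountDigits are hypothetical.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo
{
    // Hypothetical helper: build the value one character at a time so the
    // secret is never assembled into a System.String by this code.
    static SecureString FromChars(char[] input)
    {
        var secret = new SecureString();
        foreach (char c in input)
            secret.AppendChar(c);            // value is re-protected on each change
        Array.Clear(input, 0, input.Length); // wipe the caller's plaintext buffer
        secret.MakeReadOnly();               // further modification now throws
        return secret;
    }

    // Hypothetical helper: decrypt into unmanaged memory, use it, then zero and free it.
    static int CountDigits(SecureString secret)
    {
        IntPtr ptr = IntPtr.Zero;
        try
        {
            ptr = Marshal.SecureStringToGlobalAllocUnicode(secret);
            int digits = 0;
            for (int i = 0; i < secret.Length; i++)
                if (char.IsDigit((char)Marshal.ReadInt16(ptr, i * 2)))
                    digits++;
            return digits;
        }
        finally
        {
            if (ptr != IntPtr.Zero)
                Marshal.ZeroFreeGlobalAllocUnicode(ptr); // overwrite, then release
        }
    }

    static void Main()
    {
        // Constructed sample; a real program would append keystrokes as they arrive.
        char[] typed = "4111-1111-1111-1111".ToCharArray();
        using (SecureString card = FromChars(typed))
        {
            Console.WriteLine("digits: " + CountDigits(card));
            try { card.AppendChar('0'); }
            catch (InvalidOperationException) { Console.WriteLine("modification rejected"); }
        } // Dispose() zeroes and releases the protected buffer without waiting for the GC
    }
}
```

The plaintext exists in unmanaged memory only between the Marshal call and the finally block, so keep the work done inside that window as short as possible.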

Published by

Amit Bahree
