Is the password expanded using the PasswordBox.Password property?

The MSDN documentation for PasswordBox.Password says:

When you get the value of the Password property, you set the password as plain text in memory. To avoid this potential security risk, use the SecurePassword property to get the password as SecureString.

So, I send SecurePassword to my view model for the PasswordChanged event, expecting that everything will be safe, but if I test my application with Snoop, in the PasswordBox Password property I see the password that I entered in plain text. Doesn't that kill the purpose of using SecurePassword? Is there anything else to protect passwords?


This is my humble opinion.

Snoop injects its code into a running application. Thus, it is basically a hacking tool. A very easy-to-use hacking tool that only works with your GUI. This is why simply changing the visibility of an element to hide some data from the user is a bad prescription of necessity. Everything about restrictions, access, and security should not be handled at the user interface level. There are ways (see "How to track the proof of your wpf application?"), but the main point of that answer is that you should design your application in a way that does not allow you to track anything breaking. Confirm everything on the server, for example.

Back to your question:

There are two scenarios. First: the user creates a password. I believe that this is not a problem if the user or user malware sees the password at the moment. Then you get and store the protected string. And clear the user password.

Second scenario: you show the saved password to the user. Trick - you don't show it. You know the password length, so you can only display a disabled text field with ****. And if the user wants to change the password, you give him the actual passwords, which he must fill in with the old password and the new one, and we are back to scenario No. 1.

Silver lining:

When a user enters a password, it does not matter that it is in clear text somewhere in memory, since the user knows what he has typed, and malware can track keystrokes.

After you save the password, you never ever return it to the user.

Update: This is the source code for the Password property of the PasswordBox:

    public string Password
    {
        [SecurityCritical]
        get
        {
            string password;
            // Take a copy of the SecureString and decrypt it into an unmanaged BSTR.
            using (SecureString securePassword = this.SecurePassword)
            {
                IntPtr ptr = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(securePassword);
                try
                {
                    // This allocates a managed, immutable System.String holding the plaintext;
                    // it lives on the managed heap until the GC collects it and cannot be zeroed.
                    unsafe { password = new string((char*)ptr); }
                }
                finally
                {
                    // Only the unmanaged copy is zeroed and freed.
                    System.Runtime.InteropServices.Marshal.ZeroFreeBSTR(ptr);
                }
            }
            return password;
        }
    }

So, I think MSDN means that whenever you access the Password property in code (or by looking at it in VS while debugging, or by looking at it in Snoop), you call the get method, which decrypts the SecureString into plain text and thereby exposes it in memory. If you do not access the Password property in code and do not inspect it with such tools, the password is not present in plain text in memory.

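To make the point of the answer concrete, here is an added example (not code from the answer or from WPF) of how a view model can consume PasswordBox.SecurePassword without ever touching the Password getter, so no managed string of the password is created. The class, its methods and the code-behind handler are hypothetical; it assumes .NET 6 or later for Rfc2898DeriveBytes.Pbkdf2 and CryptographicOperations.FixedTimeEquals.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not part of WPF or the answer's code). Assumes .NET 6 or later
// for Rfc2898DeriveBytes.Pbkdf2 and CryptographicOperations.FixedTimeEquals.
static class SecurePasswordHandling
{
    // Derive a PBKDF2 verifier from a SecureString (e.g. PasswordBox.SecurePassword)
    // without ever calling the Password getter, so no managed System.String of the
    // password is created. The only transient plaintext copies are buffers we zero.
    public static byte[] DeriveVerifier(SecureString secure, byte[] salt, int iterations)
    {
        if (secure == null) throw new ArgumentNullException(nameof(secure));
        IntPtr bstr = IntPtr.Zero;
        char[] chars = new char[secure.Length];
        byte[] utf8 = Array.Empty<byte>();
        try
        {
            // Same call the Password getter makes: decrypt into an unmanaged BSTR.
            bstr = Marshal.SecureStringToBSTR(secure);
            // Copy into a managed char[] (which, unlike a string, we can overwrite).
            Marshal.Copy(bstr, chars, 0, chars.Length);
            utf8 = Encoding.UTF8.GetBytes(chars);
            return Rfc2898DeriveBytes.Pbkdf2(utf8, salt, iterations, HashAlgorithmName.SHA256, 32);
        }
        finally
        {
            // Zero and free every copy; the BSTR is handled as in the reference source.
            if (bstr != IntPtr.Zero) Marshal.ZeroFreeBSTR(bstr);
            Array.Clear(chars, 0, chars.Length);
            Array.Clear(utf8, 0, utf8.Length);
        }
    }

    // Check a typed password against a stored verifier in constant time.
    public static bool Verify(SecureString typed, byte[] salt, int iterations, byte[] storedVerifier)
    {
        byte[] candidate = DeriveVerifier(typed, salt, iterations);
        try { return CryptographicOperations.FixedTimeEquals(candidate, storedVerifier); }
        finally { Array.Clear(candidate, 0, candidate.Length); }
    }
}

// In the view's code-behind (hypothetical), hand the view model only the SecureString:
//   private void PasswordBox_PasswordChanged(object sender, RoutedEventArgs e)
//   {
//       var box = (PasswordBox)sender;
//       viewModel.SetPassword(box.SecurePassword);   // never read box.Password
//   }
```

Note that the SecureString still decrypts to plaintext while it is being used; the gain is that every plaintext copy is one your code can zero, rather than an immutable managed string that lingers until garbage collection.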
