[Mono-bugs] [Bug 348062] New: SecureString should be used to hide private data everywhere

bugzilla_noreply at novell.com
Wed Dec 12 08:31:34 EST 2007


           Summary: SecureString should be used to hide private data
           Product: Mono: Class Libraries
           Version: 1.2.6
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Enhancement
          Priority: P5 - None
         Component: Mono.Security
        AssignedTo: spouliot at novell.com
        ReportedBy: vgiszpenc at dsci.com
         QAContact: mono-bugs at ximian.com
          Found By: ---

As you know, in .NET Framework 2.0 Microsoft added the SecureString class to
keep passwords and other private data hidden.  They did not add SecureString
to the hashing or encryption/decryption providers to allow developers to
take advantage of this new class.  Mono does not use it in PKCS12 or
anywhere else it could.  It would be great if Mono took the lead and made
touching private data a thing of the past.  I could list a few places where
a password is accepted, but I am sure the security gurus know these classes
way better than I do.

I am not suggesting we break API compatibility with Microsoft.  There are
plenty of ways to provide this additional functionality without impacting the
System.Security signatures.


