[Mono-bugs] [Bug 348062] New: SecureString should be used to hide private data everywhere
bugzilla_noreply at novell.com
bugzilla_noreply at novell.com
Wed Dec 12 08:31:34 EST 2007
https://bugzilla.novell.com/show_bug.cgi?id=348062
Summary: SecureString should be used to hide private data
everywhere
Product: Mono: Class Libraries
Version: 1.2.6
Platform: Other
OS/Version: Other
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: Mono.Security
AssignedTo: spouliot at novell.com
ReportedBy: vgiszpenc at dsci.com
QAContact: mono-bugs at ximian.com
Found By: ---
As you know, in .Net Framework 2.0 Microsoft added the SecureString class to
keep passwords and other private data hidden. They did not add SecureString
to the hashing or encryption/decryption providers to allow developers to
take advantage of this new class. Mono does not use it in PKCS12 or
anywhere else it could. It would be great if Mono took the lead and made
touching private data a thing of the past. I could list a few places where
password is accepted, but I am sure the security gurus know these classes
way better than I do.
I am not suggesting we break API compatibility with Microsoft. There are
plenty of ways to provide this additional functionality without impacting the
System.Security signatures.
Thanks,
Vlad
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the mono-bugs
mailing list