[Mono-dev] Mono.Security + SecureString

Vladimir Giszpenc vgiszpenc at dsci.com
Wed Dec 12 07:55:46 EST 2007


As you know, in .Net Framework 2.0 Microsoft added the SecureString class to
keep passwords and other private data hidden.  They did not add SecureString
to the hashing or encryption/decryption providers to allow developers to
take advantage of this new class.  Mono does not use it in PKCS12 or
anywhere else it could.  It would be great if Mono took the lead and made
touching private data a thing of the past.  I could list a few places where
password is accepted, but I am sure the security gurus know these classes
way better than I do.

I realize that this is an enhancement request, but security helps to sell
technology.  It would be nice to be able to say that Mono is more secure
than .Net (or Java).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3329 bytes
Desc: not available
Url : http://lists.ximian.com/pipermail/mono-devel-list/attachments/20071212/558ffbbf/attachment.bin 

More information about the Mono-devel-list mailing list