Home
Help
Register
Log in

Search

 
   Active Threads  

You are here: Home > LLBLGen Pro > Architecture> SecureString data type in C#
 

Pages: 1
Architecture
SecureString data type in C#
Page:1/1 

  Print all messages in this thread  
Poster Message
greenstone
User



Location:
Alexandria, VA, USA
Joined on:
20-Jun-2007 03:39:56
Posted:
124 posts
# Posted on: 30-Oct-2018 19:49:49.  
Hi,

I understand that SecureString (instead of String) datatype can reduce the chance of having plain-text values in memory.

https://docs.microsoft.com/en-us/dotnet/api/system.security.securestring?view=netframework-4.7.2

Can you share any guidance about using SecureString for llblgen entities?
Andy  Top
daelmo
Support Team



Location:
Guatemala City
Joined on:
28-Nov-2005 23:35:24
Posted:
8022 posts
# Posted on: 31-Oct-2018 08:03:45. Goto attachments  
Hi Andy,

This is not a built-in feature but you could write a TypeConverter to use it in the fields you want. I was curious about this type (I never used it before) so I gave it a try writing my own converter. I could assign it to fields, generate code, fetch an entity and save it back. The protected field was Customer.Phone. I was able to fetch the data from DB, while the field is not readable in the code, and then set it to a new value using the underlying converter using InteropServices.Marshal.SecureStringToGlobalAllocUnicode(value).

The TypeConverter, a test .llblgenproj file and a Test .net project zipped and attached to this message. Maybe it helps. To use it:

1. Compile the NWTC.TypeConverters project.
2. Copy the compiled NWTC.TypeConverters.dll to [LLBLGen Installation Folder]\TypeConverters
3. Copy the NWTC.TypeConverters.typeimports file (it's in the root of the zipped folder) into [LLBLGen Installation Folder]\TypeConverters folder.
4. Open the file used in (3) and validate that the path to the LLBLGen installation folder is ok.
5. Now you can use it. There is a LLBLGen project and a solution to test.

Useful links:
- Type shorcuts
- How to automatically assign Type Converters.
- Type Import Definitions

Now that I made that spike test, I really don't know whether or not this is 100% useful for what you are looking for. I see that ADO.Net doesn't support this type directly. It's used typically for protect the SQLCredentials in a connection string, but not for data types in ADO.Net. So, at some point, just before the conversion from the data coming from DB and the entity initialization, there is a string in plain text that is transformed into a SecureString by the converter at Entity initialization.
So, for a moment that plain string was in the memory, right?

How would you do it if you just have a ADO.Net connection and want to protect some field of the resulset?


David Elizondo
LLBLGen'ing (articles and code snippets) | linkedin | twitter
 
Top
Pages: 1  


Powered by HnD ©2002-2007 Solutions Design
HnD uses LLBLGen Pro

Version: 2.1.12172008 Final.