Log in


   Active Threads  

You are here: Home > LLBLGen Pro > Architecture> SecureString data type in C#

Pages: 1
SecureString data type in C#

  Print all messages in this thread  
Poster Message

Alexandria, VA, USA
Joined on:
20-Jun-2007 03:39:56
124 posts
# Posted on: 30-Oct-2018 19:49:49.  

I understand that SecureString (instead of String) datatype can reduce the chance of having plain-text values in memory.


Can you share any guidance about using SecureString for llblgen entities?
Andy  Top
Support Team

Guatemala City
Joined on:
28-Nov-2005 23:35:24
8048 posts
# Posted on: 31-Oct-2018 08:03:45. Goto attachments  
Hi Andy,

This is not a built-in feature but you could write a TypeConverter to use it in the fields you want. I was curious about this type (I never used it before) so I gave it a try writing my own converter. I could assign it to fields, generate code, fetch an entity and save it back. The protected field was Customer.Phone. I was able to fetch the data from DB, while the field is not readable in the code, and then set it to a new value using the underlying converter using InteropServices.Marshal.SecureStringToGlobalAllocUnicode(value).

The TypeConverter, a test .llblgenproj file and a Test .net project zipped and attached to this message. Maybe it helps. To use it:

1. Compile the NWTC.TypeConverters project.
2. Copy the compiled NWTC.TypeConverters.dll to [LLBLGen Installation Folder]\TypeConverters
3. Copy the NWTC.TypeConverters.typeimports file (it's in the root of the zipped folder) into [LLBLGen Installation Folder]\TypeConverters folder.
4. Open the file used in (3) and validate that the path to the LLBLGen installation folder is ok.
5. Now you can use it. There is a LLBLGen project and a solution to test.

Useful links:
- Type shorcuts
- How to automatically assign Type Converters.
- Type Import Definitions

Now that I made that spike test, I really don't know whether or not this is 100% useful for what you are looking for. I see that ADO.Net doesn't support this type directly. It's used typically for protect the SQLCredentials in a connection string, but not for data types in ADO.Net. So, at some point, just before the conversion from the data coming from DB and the entity initialization, there is a string in plain text that is transformed into a SecureString by the converter at Entity initialization.
So, for a moment that plain string was in the memory, right?

How would you do it if you just have a ADO.Net connection and want to protect some field of the resulset?

David Elizondo
LLBLGen'ing (articles and code snippets) | linkedin | twitter
Pages: 1  

Powered by HnD ©2002-2007 Solutions Design
HnD uses LLBLGen Pro

Version: 2.1.12172008 Final.