https://bugzilla.novell.com/show_bug.cgi?id=348062
Summary: SecureString should be used to hide private data
everywhere
Product: Mono: Class Libraries
Version: 1.2.6
Platform: Other
OS/Version: Other
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: Mono.Security
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
QAContact: [EMAIL PROTECTED]
Found By: ---
As you know, in .Net Framework 2.0 Microsoft added the SecureString class to
keep passwords and other private data hidden. They did not add SecureString
to the hashing or encryption/decryption providers to allow developers to
take advantage of this new class. Mono does not use it in PKCS12 or
anywhere else it could. It would be great if Mono took the lead and made
touching private data a thing of the past. I could list a few places where
password is accepted, but I am sure the security gurus know these classes
way better than I do.
I am not suggesting we break API compatibility with Microsoft. There are
plenty of ways to provide this additional functionality without impacting the
System.Security signatures.
Thanks,
Vlad
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
_______________________________________________
mono-bugs maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/mono-bugs
