I created a WIP for feature 4299 (http://wixtoolset.org/issues/4299/, not sure 
exactly when the WIP will come online).
 
On my pull request for the WIP, Bob said "First impressions: The 
SecureStringVariables and WixFeat:4304 should probably go together to keep the 
SecureString contract strong. You could keep the SecureZeroMemory portion in 
its own WIP, if you want that level of granularity. Or 4299 and 4304 could come 
together."
 
My problem with trying to make sure that variable values are encrypted during 
runtime and zeroed out when freed is that I'm not sure the encryption can be 
done in 3.x.  So I guess what it comes down to is whether to have 
SecureStringVariables even if the engine won't be encrypting what it receives.  
The alternative would be creating yet another *Variables 
(StringPointerVariables?) so that the managed BA doesn't have to use a 
System.String.
                                          
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
WiX-devs mailing list
WiX-devs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-devs

Reply via email to