I created a WIP for feature 4299 (http://wixtoolset.org/issues/4299/, not sure
exactly when the WIP will come online).
On my pull request for the WIP, Bob said "First impressions: The
SecureStringVariables and WixFeat:4304 should probably go together to keep the
SecureString contract strong. You could keep the SecureZeroMemory portion in
its own WIP, if you want that level of granularity. Or 4299 and 4304 could come
together."
My problem with trying to make sure that variable values are encrypted during
runtime and zeroed out when freed is that I'm not sure the encryption can be
done in 3.x. So I guess what it comes down to is whether to have
SecureStringVariables even if the engine won't be encrypting what it receives.
The alternative would be creating yet another *Variables
(StringPointerVariables?) so that the managed BA doesn't have to use a
System.String.
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
WiX-devs mailing list
WiX-devs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-devs
