Searching about SecureString, Password, PasswordBox. And Passwordstring fields/properties around in .net APIs.
In SecureString doc we can see a warning telling us "what happen" with SecureString and discouraging about using it.
Describe the new article
We can read in some issues in runtime repo about SecureString obsolescence, Secret, ShroudedBuffer... as new alternatives, etc...
But nowhere, any doc, teach or advice about how to manage passwords securely in .Net.
Workflows, classes, best practices, alternatives, common fails...
This should be linked in System.Security namespace documentation. And can be an "extra resource" or be in "learning".
Outline:
-Concerns about security and secrets.
-Light explanation about windows low-level sensitive data managing/certificates, etc... Or a link to existing doc.
-What to use in .Net for this.
-Managing passwords or sensitive data in .Net. What to do, what NOT to do.
-Code examples.
-Certificates/other solutions instead passwords.
-Asp.Net relations/SQL Server cryptography links.
-Code examples.
In advance, sorry for my english.
Help us make content visible
Searching about
SecureString
,Password
,PasswordBox
. AndPassword
string
fields/properties around in .net APIs. InSecureString
doc we can see a warning telling us "what happen" withSecureString
and discouraging about using it.Describe the new article
We can read in some issues in runtime repo about SecureString obsolescence, Secret, ShroudedBuffer... as new alternatives, etc...
But nowhere, any doc, teach or advice about how to manage passwords securely in .Net.
Workflows, classes, best practices, alternatives, common fails...
This should be linked in System.Security namespace documentation. And can be an "extra resource" or be in "learning".
Outline: -Concerns about security and secrets. -Light explanation about windows low-level sensitive data managing/certificates, etc... Or a link to existing doc. -What to use in .Net for this. -Managing passwords or sensitive data in .Net. What to do, what NOT to do. -Code examples. -Certificates/other solutions instead passwords. -Asp.Net relations/SQL Server cryptography links. -Code examples.