The WithUsernamePassword extension should use SecureString as the type for the password parameter

microsoftgraph / msgraph-sdk-dotnet-auth

Archived - use the TokenCredential classes provided by Azure.Identity. https://docs.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme

https://graph.microsoft.com

MIT License

78 stars 19 forks source link

The WithUsernamePassword extension should use SecureString as the type for the password parameter #36

Closed pschaeflein closed 5 years ago

pschaeflein commented 5 years ago

The current signature enables worst practices for password storage.

While I understand that the UsernamePassword provider is not recommended, if it is being used, then requiring a SecureString will force developers to "secure" the password before calling the SDK.

peombwa commented 5 years ago

@pschaeflein Thanks for reporting this. We will update UsernamePasswordProvider to use a SecureString as part of issue #461.