Securing strings in .NET....possibility? - .NET (Core and Framework) Discussion Boards

thanks man !

PIEBALDconsult wrote:
Visual Studio doesn't use CSC.exe,

Surely you meant "doesn't directly use"? MSBuild will have to use the compiler one way or the other.

Regards
Senthil [MVP - Visual C#]
_____________________________
My Home Page |My Blog | My Articles | My Flickr | WinMacro

I expect CSC and MSBUILD call the same classes and methods, but neither calls the other.

Visual Studio does indeed use CSC (and LC). You can see this in your Build Output panel.

Mark Churchill
Director, Dunn & Churchill Pty Ltd
Free Download: Diamond Binding: The simple, powerful, reliable, and effective data layer toolkit for Visual Studio.

Entanglar: .Net game engine featuring automatic networking and powerful HLSL gfx binding.

I can see it even more clearly by renaming CSC and trying to build in VS (2005 and 2008 anyway).

So where did I hear that it doesn't?

Oh well, my bad.

Hello,
I have a requirement of modifying the datasource of crystal report as per user select option from form. As records per each selection are too much which reduces the performance of application, so I need to do in this way. I tried to change the datasource by setting setdatasource command but it doesn't refresh the data in report.

Thanks in advance

Regards
Ali Raza

Don't cross post. It's considered rude. Pick a forum and stick to it.

The need to optimize rises from a bad design.My articles[^]

I have been trying to come up with a way to manage string security in .NET. The whole idea of a SecureString is nice, but the way it works in .NET right now is atrocious...it just doesn't really provide any value given how it is such a pain to work with. I wrote the following extension to System.String...curious what others think:

public static class StringExtensions
{
	const string OVERWRITE_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-=~!@#$%^&*()_+";
	const int MAX_OVERWRITES = 3;

	/// <summary>
	/// Performs a secure wipe of the string in memory, overwriting the 
	/// existing contents with junk, then again with nil.
	/// </summary>
	/// <param name="str">The string to wipe.</param>
	public static unsafe void SecureWipe(this String str)
	{
		// If string is null, there is no securing to be done...return gracefully
		if (str == null)
			return;

		// Prepare
		Random rnd = new Random();
		int maxRnd = OVERWRITE_CHARS.Length;
		int maxLen = str.Length;

		// Pin the string in memory so GC doesn't mess with it, and get a pointer
		fixed (char* c = str)
		{
			// Overwrite with random junk a few times
			for (int r = 0; r < MAX_OVERWRITES; r++)
			{
				for (int i = 0; i < maxLen; i++)
				{
					char rndChar = OVERWRITE_CHARS[rnd.Next(maxRnd)];
					c[i] = rndChar;
				}
			}

			// Overwrite one last time with nil
			for (int i=0; i < maxlen; i++)
                        {
				c[i] = '\0';
			}

			// Set the length to zero
			int* len = (int*)c;
			len[-1] = 0;
		}
	}
}

I know its possible for the .NET framework to create copies of a string in internal framework methods...nothing I can do about that, and when you need to display a string, SecureString doesn't solve that problem either. But at least with something like this...you can wipe the copy that hackers are most likely to get.

Thoughts? Improvements? Reasons why it won't work?

I'm not able to say if there are scenarios when this wouldn't work (concerning internal memory handling), but as far as I can see, looks very good.

Now you've chosen to do this as an extension, which is good since it can be used for any string. However, would there be a point if you also create a wrapper class for this kind of strings. With the wrapper you could possibly have more control over the string usage and behaviour. For example you could have separate mechanisms to show the string or to modify the string etc.

The need to optimize rises from a bad design.My articles[^]

Indeed, to make it truely viable it would probably need to be a wrapper class, or perhapse have both the SecureWipe extension and a SecureString that handles copy, concat, etc.

I think this would be a bit of a nightmare to manage since string operations usually end up creating more strings. A simple concantenation leaves to the initial strings intact and creates a third. Instead of a string automatically wiping itself at the end of its life, you have to manage that for each and every instance of a secured string.

A guide to posting questions on CodeProject[^]

Dave Kreskowiak
Microsoft MVP
Visual Developer - Visual Basic
2006, 2007, 2008

It is easy enough to add more extensions, such as SecureCopy, SecureCat, SecureModify, etc. that automatically wipe the old versions after the new is created. It might be better to have a whole SecureString class for it rather than extensions, though.

Yeah, what they said.

Plus I would make the Random a static member of the class rather than creating a new one on each call.
I might also use a cryptographic randomizer instead of Random.

However, I expect you may be tryingto fix a non-existant problem.

Jon Rista wrote:
the way it works in .NET right now is atrocious

Please explain.

Its atricuous because once the data is in a SecureSring, there is no real way to use it outside of unmanaged code and BSTR...and I try hard to avoid unmanaged code in my projects.

It is entirely possible I am trying to solve a non-existent problem. I was just experimenting. Poke tongue | ;-P

Its atricuous because once the data is in a SecureSring, there is no real way to use it outside of unmanaged code and BSTR...and I try hard to avoid unmanaged code in my projects.

The string object is supposed to be immutable; using funny tricks to alter existing string objects is bad mojo since there's generally no way of guaranteeing what references may exist to any particular string.

For example, a display routine might decide to keep a cache of strings that have been displayed and their associated bitmaps. Thus, I call the routine to display the word "FOO" and it keeps a reference to the string along with a copy of its bitmap implementation. If the string is later altered to say "BAR", and the routine is later called to display the word "BAR", it may notice that it has "BAR" in its cache and display the cached bitmap (which happens to look like the word "FOO").

If there were more class methods and properties that could operate with StringBuilder objects, then those could be the basis for a semi-secure-string type. Unfortunately, very few classes can accept a StringBuilder directly; nearly all would require first converting it to a normal String, which would in turn throw security out the window.

supercat9 wrote:
nearly all would require first converting it to a normal String, which would in turn throw security out the window.

Correct, which is why I was messing with the idea of wiping the string itself. I basically decided the idea was pointless once someone mentioned interned strings. If a string is interned, there is no real way to know how many references it has, and since an interned string will live for the duration of an applications execution, you'll definitely end up with problems.

I'm still trying to figure out what security scenario you are trying to protect from. Some sort of forensic analysis of memory (like wiping a hard drive)? Sorry if I misunderstand.

But the whole concept is fraught with problems. As you said, .NET and Windows is free to move and copy memory at will. Virtually any string operation will make a copy of the original string(s). What about, paging to disk? That would seem to be much more of a vulnerability.

Also, what about interning? Someone correct me if I am wrong but, doing something like this:

string firstString = "abc";
string secondString = "abc";
SecureWipe(FirstString);

...could potentially destroy the contents of secondString (because of the unsafe code pointing to the intern'ed string).

Besides, as Dave said (above), if you did something like this:

string firstString = "abc";
string secondString = "xyz";
secureWipe(firstString);
secureWipe(secondString);

firstString and secondString would likely be overwritten with the same "random" character sequence. That's not "secure". Move the instance of Random() outside of SecureWipe() so it is only executed once.

First off, this is really more of a proof of concept than a final roduct. More extensions, or perhapse a new SecureString class, could be created to handle copy, concat, modify, etc. The basic goal is to scramble strings when your done with them so that leftover strings in memory don't contain any sensitive data, and maybe encrypt the string until it needs to be read. It tries to solve the same general problem that the SecureString class in the .NET framework does.

It is possible to pin data in memory with .NET, so preventing it from being moved around by the GC is possible. I'm sure it is also possible to make it part of the non-paged pool of memory for the app, so it will never be swapped to disk. Pulling the Random out is easy to do, too...however even if all strings were scrambled with the same random data, that wouldn't matter...the original data is still gone (overwriting with random is probably moot, since its overwritten with nils and the length shrunk to 0 after, anyway...there isn't any kind of magnetic residue like there is with a hard drive, so I will probably take the random overwrites out and just use \0).

The biggest problem that you mentioned, I think, is the interned strings problem. I am not sure there is a solution to that.

Does anyone know how to set TabStop in vb.net 2003. I want to set vbTab(0) = 28 and then vbTab(1) = 3 and so on.

Never used it but list box has CustomTabOffsets property which returns a collection of offsets. Perhaps it would help.

The need to optimize rises from a bad design.My articles[^]

Mika - Thanks for the interest to resolve this issue.

I used this method below. (Item # from the String format,tab# to stop on the listbox) If (#,-#) that means to list the text on left align and if (#,#) is to list the text on right align.

Dim strfmt As String = "{0,-28}{1,-6}{2,-17}{3,-4}{4,-24}{5,-24}{6,-35}{7,-35}{8,-35}{9,10}{10,-8}{11,-10}{12,-6}{13,-3}{14,-35}{15,-7}{16,-3}{17,-35}{18,-6}{19,-5}{20,-67}{21,-35}{22,-216}{23,-6}{24,-6}{25,-6}{26,-6}{27,-6}{28,-6}{29,-6}"

For Each dr In dt.Rows()
Me.ListBox2.Items.Add(String.Format(strfmt, "", (dr("CB12")), "", (dr("CB13")), "", (dr("CB14")), (dr("CB15")), (dr("CB16")), "", (dr("CB17")), "", (dr("CB18")), "", (dr("CB19")), (dr("CB20")), (dr("cb21")), (dr("CB22")), (dr("Cb23")), "", (dr("cb24")), "", (dr("cb25")), "", (dr("cb26")), (dr("cb27")), (dr("cb28")), (dr("cb29")), (dr("cb30")), (dr("cb31")), (dr("cb32"))))
Next

Did you try the CustomTabOffsets and add those tab positions to the collection?

I'm just wondering that you have quite a lot of 'columns' you define and use. Could it be possible to use listview instead. I think it would be a lot easier to handle the visualization with that since you can define actual columns in listview and use them.

The need to optimize rises from a bad design.My articles[^]

If you can show me to set the tabbing in the listbox I would appreciate it. Yes I do have a lot of tab stops.

I would just like to say how much I loathe and detest ClickOnce - does it actually work?

Yup, works great if you only need to deploy (and regularly update) a single executable. It's a cool feature if you only use it to distribute prototypes across your LAN.

I haven't used it for anything complex though - InstallShield does it's job so well that I'm not going to frustrate myself with complex ClickOnce-setups Smile | :)

I are troll Smile | :)