From: Peter Duniho on
Meron LAVIE wrote:
> [...]
> I *heartily* recommend that people read up on Intern. I am embarrased to
> say that after nearly 8 years in .NET that this is the first time I've
> encountered this.

Well, string interning is an implementation detail that most programmers
never have to concern themselves with, because they aren't trying to
modify what are normally opaque data structures.

I recommend you use the SecureString class Patrice mentioned, or write
your own. Don't muck with the internals of the System.String class.
Even if you figure out how to get things to work now, there could be
some change in implementation later that breaks your code.

From: Kerem Gümrükcü on

> you cannot guarantee that you removed every trace from
> memory.

Thats true, but you can work with either raw pinvoke memory
and functions and then zero everything you used, fore garbage
collect on several "confidential" data and objects (but only at a certain
level for sure). Another more secure way is using the Crypto API
of Windows, since it works with opaque handles and no sensetive
data can be accessed that easy. It also has some secure memory
allocation/deallocation functions (mostly internally standard WinAPI),
but a good start! But i think using SecureString is the best thing
if you want to stay on pure and stable .NET Code. here is a Helper
i wrote (for the OP if he has use for it), that creates a SecureString
from a ordinary String:

public static SecureString CreateSecureString(string UnsecureString)
SecureString ss = new SecureString();

foreach (char c in UnsecureString.ToCharArray())

return ss;

Good Luck to the OP!



Beste Gr�sse / Best regards / Votre bien devoue
Kerem G�mr�kc�
Latest Project:
Latest Open-Source Projects: