I saw this thread : When would I need a SecureString in .NET? the

Question

0

Editorial Team

Asked: May 27, 20262026-05-27T21:42:09+00:00 2026-05-27T21:42:09+00:00

I saw this thread : When would I need a SecureString in .NET? the

0

I saw this thread :

When would I need a SecureString in .NET?

the code there is :

SecureString password = new SecureString("password");

vs

SecureString pass = new SecureString();
foreach (char c in "password".ToCharArray())
    pass.AppendChar(c);

And I do understand the benefits of the second one ( adding char by char) – so that the hacker will not be able to track all chars which in random places in memory ( vs one string in mem which he can find).

The Part which I dont understnad is that part :
enter image description here

that yellow code is deferentially in memory !

so … where is the benefit ?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T21:42:09+00:00

The 2nd code sample with ToCharArray() just demonstrates the restricted way for filling a securestring. It is not a sample of a (best) practice.

The thread you link to provides most of the answers: Securestring provides a partial solution to avoiding plain-text passwords (in memory). Not a complete solution.

But take these 2 points from the accepted answer:

WPF’s PasswordBox control keeps the password as a SecureString internally.
System.Diagnostics.ProcessInfo’s Password property is a SecureString.

Together they would allow you to safely transfer a password to a process.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I saw this thread : When would I need a SecureString in .NET? the

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply