Is it in any way better to do this char[] sec = { ‘a’,

Question

0

Asked: May 23, 20262026-05-23T11:36:20+00:00 2026-05-23T11:36:20+00:00

Is it in any way better to do this char[] sec = { ‘a’,

0

Is it in any way better to do this

char[] sec = { 'a', 'b', 'c'};

SecureString s = new SecureString();
foreach (char c in sec) {
    s.AppendChar(c);
}

IntPtr pointerName = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(s);
String secret = System.Runtime.InteropServices.Marshal.PtrToStringBSTR(pointerName);

than this

String secret = "abc";

or this

char[] sec = { 'a', 'b', 'c'};
String secret = new Secret(sec);

if I want to protect “abc” from beeing detected in decompiled MSIL code?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T11:36:20+00:00

Editorial Team

2026-05-23T11:36:20+00:00Added an answer on May 23, 2026 at 11:36 am

SecureString will protect your string once in memory, the string compiled into your MSIL will still be there in plain. If you need to hide sensitify information conside something like an encrypted app.config as described here: http://weblogs.asp.net/jgalloway/archive/2008/04/13/encrypting-passwords-in-a-net-app-config-file.aspx

HTH
Dominik

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Is it in any way better to do this char[] sec = { ‘a’,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply