<p>Sorry, but you're doing it wrong.</p>
<p>People should have the following security guideline tattooed on the inside of their eyelids:<br> <strong>Never keep plain text passwords in memory.</strong></p>
<p>The reason the WPF/Silverlight PasswordBox doesn't expose a DP for the Password property is security related.<br> If WPF/Silverlight were to keep a DP for Password it would require the framework to keep the password itself unencrypted in memory. Which is considered quite a troublesome security attack vector. The PasswordBox uses encrypted memory (of sorts) and the only way to access the password is through the CLR property. </p>
<p>I would suggest that when accessing the PasswordBox.Password CLR property you'd refrain from placing it in any variable or as a value for any property.<br> Keeping your password in plain text on the client machine RAM is a security no-no.<br> So get rid of that "public string Password { get; set; }" you've got up there. </p>
<p>When accessing PasswordBox.Password, just get it out and ship it to the server ASAP. Don't keep the value of the password around and don't treat it as you would any other client machine text. Don't keep clear text passwords in memory. </p>
<p>I know this breaks the MVVM pattern, but you shouldn't ever bind to PasswordBox.Password Attached DP, store your password in the ViewModel or any other similar shenanigans.</p>
<p>If you're looking for an over-architected solution, here's one:<br> 1. Create the IHavePassword interface with one method that returns the password clear text.<br> 2. Have your UserControl implement an IHavePassword interface.<br> 3. Register the UserControl instance with your IoC as implementing the IHavePassword interface.<br> 4. When a server request requiring your password is taking place, call your IoC for the IHavePassword implementation and only then get the much coveted password.</p>
<p>Just my take on it. </p>
<p>-- Justin </p>
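The four steps from the answer above, sketched in C# for WPF as an added example (not code from the original answer). `LoginView`, `LoginViewModel`, `ServiceRegistry` and the `sendLogin` delegate are hypothetical names, and the static registry is an assumption standing in for whatever IoC container the application uses.

```csharp
using System;
using System.Threading.Tasks;
using System.Windows.Controls;

// Step 1: a single method that hands out the clear-text password on demand.
public interface IHavePassword
{
    string GetPassword();
}

// Hypothetical stand-in for the application's IoC container.
public static class ServiceRegistry
{
    private static IHavePassword _source;
    public static void Register(IHavePassword source) => _source = source;
    public static IHavePassword ResolvePasswordSource() =>
        _source ?? throw new InvalidOperationException("No IHavePassword registered.");
}

// Step 2: the view that owns the PasswordBox implements the interface.
public class LoginView : UserControl, IHavePassword
{
    private readonly PasswordBox _passwordBox = new PasswordBox();

    public LoginView()
    {
        Content = _passwordBox;
        ServiceRegistry.Register(this);   // Step 3: register this instance
    }

    // Reads the control each time; nothing caches the value in a field or property.
    public string GetPassword() => _passwordBox.Password;
}

// The view model has no Password property and never binds to the PasswordBox.
public class LoginViewModel
{
    private readonly Func<string, string, Task<bool>> _sendLogin; // hypothetical server call

    public LoginViewModel(Func<string, string, Task<bool>> sendLogin) => _sendLogin = sendLogin;

    public string UserName { get; set; }

    // Step 4: resolve the source and read the password only when the request is made.
    public Task<bool> LoginAsync() =>
        _sendLogin(UserName, ServiceRegistry.ResolvePasswordSource().GetPassword());
}
```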
 
