StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
902066
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
5
CommunityOwnedDate
CreationDate
2009-05-23T17:59:50.720
FavoriteCount
0
LastActivityDate
2009-05-23T17:59:50.720
LastEditDate
LastEditorUserId
0
OwnerUserId
111554
ParentId
900610
PostTypeId
2
Score
3
ViewCount
0
LastEditorDisplayName
text
Body
If you are trying to achieve the same goal as .NET's SecureString, then your example really doesn't solve the problem. (I could be misunderstanding your goals, in which case I apologize.) The idea of .NET's SecureString is that it stores the string data encrypted in a non-managed chunk of memory, is immutable once created, and can not be read in .NET using a normal string variable. This protects the string from anyone trying to probe your memory space (i.e. malware, worm, Trojan, whatever), and must be explicitly cleaned up by you. The reasons for this involve how .NET treats strings, and the fact that data in memory is only cleaned up at the whim of the GC. Even though your SecureString class encrypts the string into a private variable, the original string that was passed in is still insecure. It can also stick around for a while before the GC collects it, or, if that string was interned, it will live for the duration of the process it resides within. Interned strings are stored in a table, which makes them easier to find, too. On the other side of things...if you Decrypt your SecureString, your getting a new string variable that could run into the same problems as the input string...it is only cleaned up when the GC decides to...and it also may end up interned and live for the duration of the process. To compound problems, every time you Decrypt, you are getting another copy of your encrypted string. This could build up a surplus of decrypted versions of your secure string, increasing the chances that some piece of malware that is probing for, say, credit card numbers...will actually find one. I have tried many times to create a better, more .NET like version of .NET 2.0's SecureString, but have never been able to produce something that is truly secure. You could get a pointer to the string variable that was decrypted, wipe it, set each character to nil, etc. However this could be very problematic in the even that something is still referencing that string, causing disappearing text, corrupted reads, etc. If the string is interned, which generally means it is being used by many things for a long duration of time, wiping it wipes the only version, and affects all use of it. Even if you managed to successfully wipe a copy of your secure string, there is no guarantee that it wasn't copied by other code before you wiped it (i.e. you send your string off to some web service...it now lives in more than one process space, quite possibly in different physical locations around the world.) Its definitely a complicated issue, and only really provides security in the event that your application's memory space has been compromised by malware of some sort.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POGeneral String Encryption
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USjrista
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COThanks for taking the time to post. If you read the OP I do explicitly state "(Not to be confused with the 'SecureString' class.)"
 singulars
 PostPostId
 PO
 UserUserId
 USuser111370

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.