Search code examples
c#stringsecuritypassword-protectiondata-protection

How can i secure Strings in e.g. C#

is it possible to secure Strings in C# to prevent... i call it "String Attacks"?

Here is a sample:

...
const String username = "friend";
const String password = "letmein";
String encoded = Convert.ToBase64String(Encoding.GetEncoding("ISO-8859-1").GetBytes(username + ":" + password));

WebRequest request = WebRequest.Create("http://xxx.xxx.xxx.xxx/");
WebResponse response = request.GetResponse();

Stream dataStream = response.GetResponseStream();  
StreamReader reader = new StreamReader(dataStream); 
string responseFromServer = reader.ReadToEnd(); 

lbl_status.Text = responseFromServer;

reader.Close();  
response.Close();
...

If i compile & run it, with Sysinternals Process Explorer i can read the stored Strings.

Sysinternals Process Explorer Screenshot

Is there a way to encrypt the Strings?

Greetings mok

Solution

  • Thanks @Alejandro!

    The Answer to my Question is "NO".

    That's why you should never hardcode passwords in source code.