-
Notifications
You must be signed in to change notification settings - Fork 899
Added secure string support for credentials #1050
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
One thing I will say before anyone merges this is that I did consider making the existing credentials and this one share a generic interface, but this was the simplest thing that worked. I figured "Copy paste once: ok. Copy paste twice: stop. Refactor." |
I might have been quick on the draw there. I'm thinking maybe |
Makes sense, indeed. Could you please amend your commit with this change? |
var chars = str.ToCharArray(); | ||
|
||
var secure = new System.Security.SecureString(); | ||
for (var i = 0; i < secure.Length; i++) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this be chars.Length
?
I'd say keep the Username as a secure string, tbh. The username can be sensitive enough data to brute force the password on some providers. :P |
Actually, nevermind, just saw that NetworkCredential does use a string. |
Yes. It should have been. I would have thought something would have failed if the wrong password got sent in... Either way, I corrected that. |
Okay... I don't get it. I've run the tests locally several times. Results seem intermittent. Sometimes everything passes. Sometimes I get failures. Failures are never the same tests and if I simply re-run the failed tests, they pass. Is this a known issue? |
I've restarted the build. And it passed. Giving a look at the previous AppVeyor logs, looked like a GitHub transient issue. |
🆒 Before we merge this in, could you please squash those commits together into a nice cohesive one? We tend not to merge review commits. |
Thanks @nulltoken. Much appreciated. Keep up the good work @ALL. Love the library. Thanks for all your hard work on it (and for helping me to contribute in my own small way)! |
Added secure string support for credentials
@ckuhn203 Every contribution is welcome. Yours was very thoughtful! Thanks a lot for it. ✨ ✨ |
Published as NuGet pre-release package |
👍 thanks again. I'll keep my eye on the easy fixes. |
Issue #1048
I added some extra comments and a helper function in the constants class as well. Obviously I removed my credentials before committing and turned the tests back off, but they passed. You can use this snippet to re-instate them for this change.