Re: MySQL 8.0: Connector/NET - SecureString
Hello Reggie
I thought I'd already replied to this but I cannot see it here, so will try again.
Essentially SqlConnection has a property called Credential which is of type SqlCredential. This has a constructor which takes a userId as a plaintext string and a password which is of type SecureString.
SqlConnection also has a constructor itself which takes a parameter of this type.
This allows the SqlConnection object to keep the connection password in memory but in a part of memory that cannot be viewed by just looking at a list of strings in the application.
If the MySqlConnection class could mirror this and provide handling for storing the password in a SecureString then it would mean on the client-side the password is not available via a simple memory dump as it currently is.
Subject
Written By
Posted
Re: MySQL 8.0: Connector/NET - SecureString
June 17, 2024 12:57PM
Sorry, only registered users may post in this forum.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.