I know a string is immutable, but is there any trick or any other way
to destroy a string

Thanks
www.quiznetonline.com

Well, as long as it isn't interned, it should (AFAIK) simply get
collected when available... do you have a specific situation in mind?

Marc

Strings are objects and so, the GC controls when objects are removed from
the heap.


"Mark C" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I know a string is immutable, but is there any trick or any other way
> to destroy a string
>
> Thanks
> www.quiznetonline.com
>

Not really, I assume you're worried about things like passwords ending
up in the page file and the like. MS introduced the SecureString in V2,
then revoked it in V3 (at least stopped using it) as it's just not
secure. You can also try playing with volatile char arrays, I've heard
that's an option in that you can be (fairly) sure it's overwritten when
you overwrite each element. I recall issues with volatile, but I don't
use it so don't know what they are. There are also some Win32 API calls
which can allocate a bit of the page file (working from memory here,
basically just google password dotnet secure, that sort of thing) but
again that's problematic.
Sorry for being nebulous, I did look at this a while ago and came to
the conclusion that no there's no bulletproof way of protecting
strings, just try and hold them in memory for the shortest period
possible.


Mark C wrote:
> I know a string is immutable, but is there any trick or any other way
> to destroy a string
>
> Thanks
> www.quiznetonline.com

hi

What u mean with destroy it?



--
Ignacio Machin
machin AT laceupsolutions com



"Mark C" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I know a string is immutable, but is there any trick or any other way
> to destroy a string
>
> Thanks
> www.quiznetonline.com
>

I imagine he means remove it from memory (the heap).


"Ignacio Machin ( .NET/ C# MVP )" <machin TA laceupsolutions.com> wrote in
message news:%(E-Mail Removed)...
> hi
>
> What u mean with destroy it?
>
>
>
> --
> Ignacio Machin
> machin AT laceupsolutions com
>
>
>
> "Mark C" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I know a string is immutable, but is there any trick or any other way
>> to destroy a string
>>
>> Thanks
>> www.quiznetonline.com
>>
>
>

On 3 Jan 2007 06:11:00 -0800, "Mark C" <(E-Mail Removed)>
wrote:

>I know a string is immutable, but is there any trick or any other way
>to destroy a string
>
>Thanks
>www.quiznetonline.com

On 3 Jan 2007 06:11:00 -0800, "Mark C" <(E-Mail Removed)>
wrote:

>I know a string is immutable, but is there any trick or any other way
>to destroy a string
>
>Thanks
>www.quiznetonline.com
Not so much destroy the string as overwrite it:

/// <summary>
/// Overwrites a string in-situ. Useful for removing
/// evidence of keys, passwords etc.
/// </summary>
/// <param name="text">The string to overwrite.</param>
public static unsafe void OverwriteString(string text) {
const char overwriteChar = 'X';
fixed (char* cp = text) {
for (int i = 0; i < text.Length; ++i) {
cp[i] = overwriteChar;
} // end for
} // end fixed
} // end OverwriteString()

The string is still on the heap, but the sensitive information it
contained is no longer there.

rossum

"rossum" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On 3 Jan 2007 06:11:00 -0800, "Mark C" <(E-Mail Removed)>
> wrote:
>
>>I know a string is immutable, but is there any trick or any other way
>>to destroy a string
>>
>>Thanks
>>www.quiznetonline.com
> Not so much destroy the string as overwrite it:
>
> /// <summary>
> /// Overwrites a string in-situ. Useful for removing
> /// evidence of keys, passwords etc.
> /// </summary>
> /// <param name="text">The string to overwrite.</param>
> public static unsafe void OverwriteString(string text) {
> const char overwriteChar = 'X';
> fixed (char* cp = text) {
> for (int i = 0; i < text.Length; ++i) {
> cp[i] = overwriteChar;
> } // end for
> } // end fixed
> } // end OverwriteString()
>
> The string is still on the heap, but the sensitive information it
> contained is no longer there.

The current location of the buffer is wiped, but if the string survived a
generation, the garbage collector has made copies

>
> rossum
>

On Wed, 3 Jan 2007 16:13:58 -0600, "Ben Voigt" <(E-Mail Removed)>
wrote:

>
>"rossum" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...
>> On 3 Jan 2007 06:11:00 -0800, "Mark C" <(E-Mail Removed)>
>> wrote:
>>
>>>I know a string is immutable, but is there any trick or any other way
>>>to destroy a string
>>>
>>>Thanks
>>>www.quiznetonline.com
>> Not so much destroy the string as overwrite it:
>>
>> /// <summary>
>> /// Overwrites a string in-situ. Useful for removing
>> /// evidence of keys, passwords etc.
>> /// </summary>
>> /// <param name="text">The string to overwrite.</param>
>> public static unsafe void OverwriteString(string text) {
>> const char overwriteChar = 'X';
>> fixed (char* cp = text) {
>> for (int i = 0; i < text.Length; ++i) {
>> cp[i] = overwriteChar;
>> } // end for
>> } // end fixed
>> } // end OverwriteString()
>>
>> The string is still on the heap, but the sensitive information it
>> contained is no longer there.
>
>The current location of the buffer is wiped, but if the string survived a
>generation, the garbage collector has made copies
>
There may also be a copy on disk in swapspace, on automatic backups
and written on a post-it under the keyboard. It is not possible to be
completely secure, all that is possible is to make the attacker's job
more difficult.

rossum