Hello there,
I just found that the compiled code won't hide the string variables so
that I can see them by opening the execuable using Notepad. I have
couple applications that have password hardcoded and I've been thinking
that the string varialbes are hidden in compiled code. I knew that the
VS.NET doesn't compile the source code into machine code. But I didn't
know that it will expose string variables in the compiled code. Here is
my code:
static private string Hello1 = "Hello my world";
private void button1_Click(o bject sender, EventArgs e)
{
string filePath = @"C:\Windows\No tepad.exe";
string userName = "Username";
string password1 = "MyPassword ";
// ProcessStartInf o psi = new ProcessStartInf o(args[0]);
ProcessStartInf o psi = new ProcessStartInf o(filePath);
psi.UserName = userName;
psi.Password = ConvertStringTo SecureString(pa ssword1);
psi.Domain = "";
psi.UseShellExe cute = false;
psi.CreateNoWin dow = true;
psi.WindowStyle = ProcessWindowSt yle.Hidden;
Process.Start(p si);
}
private static SecureString ConvertStringTo SecureString(st ring
password)
{
SecureString tempSecureStrin g = new SecureString();
foreach (char c in password)
{
tempSecureStrin g.AppendChar(c) ;
}
return tempSecureStrin g;
}
When I opened the compiled version using the notepad, I see this in the
middle of text:
-- snippet --
ControlCollecti on get_Controls Add ResumeLayout
WindowsApplicat ion1.Properties .Resources.reso urces
WindowsApplicat ion1.Form1.reso urces QW i n d o w s A p p l i c a t
i o n 1 . P r o p e r t i e s . R e s o u r c e s -C : \ W i n d o w s
\ N o t e p a d . e x e U s e r n a m e M y P a s s w o r d b u
t t o n 1 F o r m 1 H e l l o m y w o r l d Asì*½???^쩾?
톧\V4?
! %
-- snippet --
Clearly, I can see the hello1, filepath, username, password values.
I am using VS.NET 2005 with Framework v2.0. And I found the RunAs code
sample from Web sites. Many sites have the examples.
I have to hardcode the password in my application in SECURE way. Could
someone give me an example or tips? I appreciate your help.