Crouchie,
| If you look at one of the KB articles about encryption then Microsoft use
| ZeroMemory to clear the password. So, you are going against their
| recommendations if you don't. Its also mentioned in the Platform SDK to
use
| it after using LoginUser API function.
I would say you are going against their "suggestion" if you don't. Not
"recommendations".
See the "sizeof? is there a .NET equivalent" thread in this newsgroup for
further info on the "problems" of calling ZeroMemory.
Keith Brown's book "The .NET Developer's Guide to Windows Security" from
Addison Wesley contains a plethora of information on security under Win32 &
specifically .NET. I want to say it included a discussion of "zeroing"
memory. You can access the book on-line at:
http://www.pluralsight.com/keith/book/html/book.html, unfortunately I don't
remember which topics discussed "zeroing" memory.
Thinking about it, it may have been one of Keith Brown's MSDN Magazine
articles that discusses "zeroing" memory in .NET, or possible even his
blog...
Hope this helps
Jay
"Crouchie1998" <cr**********@spamcop.net> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
| If you look at one of the KB articles about encryption then Microsoft use
| ZeroMemory to clear the password. So, you are going against their
| recommendations if you don't. Its also mentioned in the Platform SDK to
use
| it after using LoginUser API function.
|
| What if the user is using the 1.0 or 1.1 Framework & not version 2.0 of
the
| Framework?
|
| I am reading the Secure String article from the .Net Framework 2.0 Beta 2
| Documentation & said that it 'should' be included in the final framework,
| not 'would' as yet.
|
| In the .Net Framework 1.0 & 1.1, I would recomment to use
| ZeroMemory("[String]", [StringLength * 2])
|
| In the old days of NT, it wasn't even used to clear the login password
from
| memory & I am not sure its used in XP, but is in 2000.
|
| At the end of the day, it's up-to the user if they want a secure/insecure
| application.
|
| Crouchie1998
| BA (HONS) MCP MCSE
|
|