0

If you use the System.DirectoryServices.AccountManagement.PrincipalContext constructor that takes a user name and password, that user name and (more disconcertingly) password are held internally as plain text strings in the object.

Is there a way around this obvious security risk?

Jim
  • 4,910
  • 4
  • 32
  • 50
  • Where do you got this information from? – Venson Oct 23 '14 at 20:43
  • From debugging the PrincipalContext. If you drill down into the object in the debugger, you can see the user name and password as plain text. – Jim Oct 24 '14 at 01:10

0 Answers0