0

I'm trying to clear the memory contents of a C# string for security reasons. I am using a ngmodel to have the user enter their username and password, once I have the password string I convert it to SecureString. However, since the password started as a plain string it is being shown in the browser memory dump.

How can I clear it from memory or at least zero it out?

user173092
  • 127
  • 1
  • 1
  • 9
  • You shouldn't worry about a browser memory dump monitor. If the browser is compromised then they most likely have the password anyways... – DFSFOT May 06 '22 at 19:22
  • I would still to have a way to clear it – user173092 May 06 '22 at 19:25
  • You have 2 different applications. 1) The browser - this is where your angular app resides. 2) Web server - this is where your c# code resides. Clearing a string from memory in one client will not clear it in the other. I state this because you are asking how to clear the memory in your c# code because you see the string value when dumping the browser's memory. These 2 applications likely will not even reside on the same device. – Igor May 06 '22 at 19:38

0 Answers0