Uploaded image for project: 'C# Driver'
  1. C# Driver
  2. CSHARP-697

Keep SecureStrings secure and support non-ASCII characters in passwords

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 1.7.1
    • 1.8
    • None
    • None

    Description

      Version 1.8 introduces the use of SecureString to store passwords securely, but there are still a few places where the SecureString is being converted back to a regular string. For best security, once a password has been converted to a SecureString it should never be converted back. This requires implementing password hashing differently.

      Also, the new implementation of password hashing should handle non-ASCII characters in passwords correctly by encoding the password to UTF8 before hashing it. This requires some custom UTF8 encoding logic because the standard UTF8Encoding classes only works with standard strings.

      Attachments

        Activity

          People

            robert@mongodb.com Robert Stam
            robert@mongodb.com Robert Stam
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: