[CSHARP-697] Keep SecureStrings secure and support non-ASCII characters in passwords Created: 08/Mar/13 Updated: 20/Mar/14 Resolved: 08/Mar/13 |
|
| Status: | Closed |
| Project: | C# Driver |
| Component/s: | None |
| Affects Version/s: | 1.7.1 |
| Fix Version/s: | 1.8 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Robert Stam | Assignee: | Robert Stam |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
Version 1.8 introduces the use of SecureString to store passwords securely, but there are still a few places where the SecureString is being converted back to a regular string. For best security, once a password has been converted to a SecureString it should never be converted back. This requires implementing password hashing differently. Also, the new implementation of password hashing should handle non-ASCII characters in passwords correctly by encoding the password to UTF8 before hashing it. This requires some custom UTF8 encoding logic because the standard UTF8Encoding classes only works with standard strings. |
| Comments |
| Comment by auto [ 08/Mar/13 ] |
|
Author: {u'date': u'2013-03-08T16:29:42Z', u'name': u'rstam', u'email': u'robert@10gen.com'}Message: |