Uploaded image for project: 'C# Driver'
  1. C# Driver
  2. CSHARP-697

Keep SecureStrings secure and support non-ASCII characters in passwords

    • Type: Icon: Task Task
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 1.8
    • Affects Version/s: 1.7.1
    • Component/s: None
    • None

      Version 1.8 introduces the use of SecureString to store passwords securely, but there are still a few places where the SecureString is being converted back to a regular string. For best security, once a password has been converted to a SecureString it should never be converted back. This requires implementing password hashing differently.

      Also, the new implementation of password hashing should handle non-ASCII characters in passwords correctly by encoding the password to UTF8 before hashing it. This requires some custom UTF8 encoding logic because the standard UTF8Encoding classes only works with standard strings.

            Assignee:
            robert@mongodb.com Robert Stam
            Reporter:
            robert@mongodb.com Robert Stam
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: