Live updating line graph in wpf
If WPF/Silverlight were to keep a DP for Password it would require the framework to keep the password itself unencrypted in memory.
Which is considered quite a troublesome security attack vector.
To unblock a file, right click on it, and select properties, and then select the ‘unblock’ button.
I have come across a problem with binding to a Password Box.
However, the plain text value of Secure String can still be extracted quite easily and only deters novice hacks. Maybe I am missing something, but it seems like most of these solutions overcomplicate things and do away with secure practices.
If your system is at risk of covertly employing key loggers and sniffers like Snoop, your should re-evaluate at your system security. This method does not violate the MVVM pattern and maintains complete security. In this case, we are just manually coding a binding, so its all considered part of the UI implementation and therefore is ok. I made it "write only" since there shouldn't be a need to retrieve it from outside the View Model for any reason, but it doesn't have to be.
So get rid of that "public string Password " you've got up there. Password, just get it out and ship it to the server ASAP.
Don't keep the value of the password around and don't treat it as you would any other client machine text. I know this breaks the MVVM pattern, but you shouldn't ever bind to Password Box.
Yes, this prevents Snoop from displaying the password in plain text.
My 2 cents: I developed once a typical login dialog (user and password boxes, plus "Ok" button) using WPF and MVVM. Yes, technically it is code behind, but it is nothing more than a "special case" binding. Note that it is a Secure String, not just a string.
I solved the password binding issue by simply passing the Password Box control itself as a parameter to the command attached to the "Ok" button. This solved a huge problem I had with moving the data from the UI thread to the main program thread. The View Model still has no knowledge of the View implementation, which in my mind it does if you are trying to pass the Password Box in to the View Model. With this method, your password remains in a Secure String at all times and therefore provides maximum security.
The Password Box uses encrypted memory (of sorts) and the only way to access the password is through the CLR property.
I would suggest that when accessing the Password Box.
Search for live updating line graph in wpf:
Create the IHave Password interface with one method that returns the password clear text. Have your User Control implement a IHave Password interface. Register the User Control instance with your Io C as implementing the IHave Password interface. When a server request requiring your password is taking place, call your Io C for the IHave Password implementation and only than get the much coveted password. -- Justin I agree with your intention and the message you are conveying but your answer implies that the password string is never in memory if you follow this approach.