Martin Stjernholm, Roxen IS @ Pike developers forum wrote:
It's possible, but I think it'd be unfortunate to do that. _refs is useful for debugging and even in real code occasionally. I think it'd be better to have a String.Secure class which simply doesn't use a shared string for storage.
Yes, and preferably using some kind of simple garbling mechanism to copy the string out of hiding into the normal space on a need-to-know basis.
I.e. use a simple pseudo-random number generator with a salt that is determined at runtime (when the class is instantiated) to encrypt the string, then store it in non-shared storage. Then when the string is needed, decrypt at runtime and copy to a normal string.
The only thing you can't ensure this way is that, once the string is garbage collected, it is actually wiped from memory. Not quite sure how to solve that. Or, maybe we can. Perhaps keep a reference to the string inside the class, then after the cleartext version of the string is no longer needed, call String.Secure.wipe or something, which then throws an error when the string has more than one remaining reference, and if not, it deletes the string in a special way, which actually overwrites the physical memory location content with zeroes first (before releasing to the garbage collector).
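A C sketch of the scheme proposed in the message above, added here as an illustration; it is not code from the post or from Pike. Every name in it is hypothetical (secure_str, clear_str, secure_reveal, secure_wipe), and the refs field stands in for the interpreter's reference count.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* All names are hypothetical; this is not Pike's String.Secure. */
typedef struct { uint32_t salt; size_t len; unsigned char *masked; } secure_str;
typedef struct { int refs; size_t len; unsigned char *data; } clear_str;
/* xorshift32 keystream: garbling as the post describes, not strong encryption. */
static uint32_t next_key(uint32_t *s) {
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s;
}
/* XOR is its own inverse, so one routine both masks and unmasks. */
static void garble(unsigned char *dst, const unsigned char *src, size_t n, uint32_t salt) {
    for (size_t i = 0; i < n; i++) dst[i] = src[i] ^ (unsigned char)next_key(&salt);
}
/* Volatile stores keep the compiler from dropping the overwrite as dead code. */
static void zero(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

secure_str *secure_new(const void *plain, size_t len) {
    secure_str *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    FILE *f = fopen("/dev/urandom", "rb");      /* salt picked at instantiation */
    if (f) { if (fread(&s->salt, sizeof s->salt, 1, f) != 1) s->salt = 0; fclose(f); }
    if (!s->salt) s->salt = (uint32_t)(uintptr_t)s | 1u;  /* weak fallback; must be non-zero */
    s->len = len;
    s->masked = malloc(len ? len : 1);          /* private buffer, not a shared string */
    if (!s->masked) { free(s); return NULL; }
    garble(s->masked, plain, len, s->salt);
    return s;
}
/* Copy the cleartext out on demand; the caller holds the first reference. */
int secure_reveal(const secure_str *s, clear_str *c) {
    c->refs = 1; c->len = s->len;
    c->data = malloc(s->len ? s->len : 1);
    if (!c->data) return -1;
    garble(c->data, s->masked, s->len, s->salt);
    return 0;
}
/* Refuse while other references exist; otherwise zero the bytes, then free. */
int secure_wipe(clear_str *c) {
    if (c->refs > 1) return -1;
    zero(c->data, c->len);
    free(c->data);
    c->data = NULL; c->len = 0;
    return 0;
}
```

The sketch only controls the buffers it allocates itself; copies left in registers, stack temporaries or swap are outside its reach.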