模仿用户时如何将SecureZeroMemory与LogonUser一起使用?
[英]How do I use SecureZeroMemory with LogonUser when impersonating a user?
问题描述
When is it necessary or recommended to add the function SecureZeroMemory ? 
什么时候需要或建议添加功能SecureZeroMemory ?
Neither this MSFT sample for WindowsImpersonationContext , or these Stackoverflow questions link link2 even mention the SecureZeroMemory function. 这个用于WindowsImpersonationContext的MSFT示例或这些Stackoverflow问题链接 link2都没有提到SecureZeroMemory函数。
Should I implement this function (or perhaps ask the owner of the accepted answers to include this feature?) 我应该实现此功能(还是要求已接受答案的所有者包括此功能?)
1 个解决方案
解决方案1
1 2013-02-28 06:31:00
SecureZeroMemory is, as the name would imply, a way to set a block of memory to all 0x00 values, although it has the following idiosyncracies: SecureZeroMemory , SecureZeroMemory是一种将内存块设置为所有0x00值的方法,尽管它具有以下特质:
- It will never be optimized out by a compiler 永远不会被编译器优化
- ... ...
- Actually, that's the only difference I can think of. 实际上,这是我能想到的唯一区别。
As @user629926 mentions, the SecureString class, as awkward as it can be to use, is a "safe" way of holding onto string data in memory without worrying that if your app crashes, someone can sift through the memory dump and find your raw sensitive data in it. 正如@ user629926所提到的, SecureString类虽然使用起来很尴尬,但却是一种保存内存中string数据的“安全”方式,而不必担心如果您的应用程序崩溃了,有人可以在内存转储中进行筛选并找到您的原始文件其中的敏感数据。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.