Password Security for Scripting

Advertisement

aksarben
Joined:
Posts:
72

Password Security for Scripting

I'm unclear on the best way to securely give the SFTP account password to the .NET Assembly session object.

The documentation (https://winscp.net/eng/docs/library_sessionoptions#securepassword) seems to imply we just set the session’s SecurePassword field to a PowerShell SecureString. I can do that, but our SFTP server doesn’t know anything about PowerShell or SecureStrings. How does the server get the clear text password?

Is is the .NET Assembly somehow able to decrypt the SecureString to a clear text password? If so, how does it do that?

And if the .NET Assembly can decrypt the password, does it zeroize/erase the clear text password from memory after sending it to the SFTP server?

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,541
Location:
Prague, Czechia

Re: Password Security for Scripting

Yes, the assembly decrypts the password. It has to, for the obvious reason, which you state yourself.

It does it using Marshal.SecureStringToGlobalAllocUnicode. Though that's a technicality, that does not really matter.

Reply with quote

Advertisement

You can post new topics in this forum