我正在使用RestSharp在我的项目中使用HTTP API。我观察到RestSharp在执行请求后将代理凭据转储到内存转储中,我想保护它免遭内存转储。 有什么方法可以防止潜在的内存转储攻击?
public bool GetConnectionStatus(ProxyCredentials proxyCredentials)
{
byte[] additionalEntropy = { 9, 8, 7, 6, 5 };
var unprotectedPwdBytes = ProtectedData.Unprotect(proxyCredentials.Password, additionalEntropy, DataProtectionScope.LocalMachine);
var secureString = new SecureString();
var webClient = new WebClient();
this.RestClient.Proxy = webClient.Proxy;
unsafe
{
// Copy the unprotected password bytes to unmanaged memory.
var srcPointer = (byte*)Marshal.StringToHGlobalAnsi(Encoding.UTF8.GetString(unprotectedPwdBytes)).ToPointer();
//// Looping through one thing at a time making sure to overwrite the values as we go
for (var index = 0; index < unprotectedPwdBytes.Length; index++)
{
secureString.AppendChar((char)(srcPointer[index] - 1));
srcPointer[index] = 0;
}
webClient.Proxy.Credentials = new NetworkCredential(proxyCredentials.UserName, secureString);
this.RestClient.Proxy.Credentials = webClient.Proxy.Credentials;
}
try
{
var request = new RestRequest("api/item/", Method.POST);
request.RequestFormat = DataFormat.Json;
IRestResponse response = this.RestClient.Execute(request);
}
catch
{
}
return true;
}