0

I was creating a form with a password box and was getting an error when I was trying to bind it to a property in my view model.

I did a bit of research and found out that because of security reasons it was made not bindable. I am not really a person who can just accept that, I want to know the reason why. What makes naming the property and calling .password more secure than it being bound to a property in the view model?

I also found out that you can use attached properties to make it bindable. Is this any more secure?

4

2 回答 2

1

您要求的原因是您永远不应该在内存中使用纯文本密码。暴露密码的依赖属性需要框架在内存中保持密码未加密,直到它被垃圾收集,这被认为是安全问题。

于 2015-06-04T10:38:39.533 回答
0

使用 WPF Inspector 或 Snoop 等工具,您可以窥探密码字符串。所以绑定密码是不安全的

于 2015-06-04T10:38:55.403 回答