Normal strings are kept as plain text in memory and are thus insecure. With a SecureString, you can even make the string immutable so that it behaves as a read-only string and only a single copy of it is made. Moreover, you can wipe it out of memory from code by calling its Dispose() method.
A SecureString object is very similar to a String object, with these differences: it is automatically encrypted when it is initialized or modified, it can be modified until the application marks it as read-only, and it can be deleted from computer memory by either the application or the .NET Framework garbage collector.
You can prevent further modification to the SecureString object using the MakeReadOnly method.
And you can use the SecureStringToBSTR method of the System.Runtime.InteropServices.Marshal class to read the secure data.
You can create a SecureString as follows:
To create a SecureString, you have to append a single character at a time.
System.Security.SecureString secString = new System.Security.SecureString();
To make it immutable use the MakeReadOnly method.
To read the secure value, use the SecureStringToBSTR() method as follows:
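IntPtr ptr = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(secString); // decrypts into an unmanaged BSTR
string sDecrypString = System.Runtime.InteropServices.Marshal.PtrToStringUni(ptr); // copies it into a managed string
System.Runtime.InteropServices.Marshal.ZeroFreeBSTR(ptr); // zero and free the unmanaged plain-text copy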
And you can dispose of it using the Dispose() method:
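The whole sequence described above (create, append one character at a time, MakeReadOnly, read through a BSTR, Dispose) as one program. This is an added example, not code from the original page; the class name, the helper names Build and Reveal, and the sample value are assumptions made for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo
{
    // Copies the characters into a SecureString one at a time, then locks it.
    static SecureString Build(char[] secret)
    {
        var s = new SecureString();
        foreach (char c in secret) s.AppendChar(c);
        Array.Clear(secret, 0, secret.Length); // wipe the plain-text source buffer
        s.MakeReadOnly();                      // further AppendChar calls now throw
        return s;
    }

    // Decrypts into an unmanaged BSTR and always zeroes and frees that copy.
    static string Reveal(SecureString s)
    {
        IntPtr bstr = IntPtr.Zero;
        try
        {
            bstr = Marshal.SecureStringToBSTR(s);
            return Marshal.PtrToStringBSTR(bstr); // managed copy: plain text again
        }
        finally
        {
            if (bstr != IntPtr.Zero) Marshal.ZeroFreeBSTR(bstr);
        }
    }

    static void Main()
    {
        char[] input = { 'd', 'e', 'm', 'o', '-', 'p', 'w' }; // constructed sample value
        SecureString sec = Build(input);
        using (sec) // Dispose() runs when this block exits
        {
            Console.WriteLine("read-only: " + sec.IsReadOnly() + ", length: " + sec.Length);
            try { sec.AppendChar('x'); }
            catch (InvalidOperationException) { Console.WriteLine("append rejected after MakeReadOnly"); }
            Console.WriteLine("revealed: " + Reveal(sec));
        }
        try { Console.WriteLine(sec.Length); }
        catch (ObjectDisposedException) { Console.WriteLine("disposed: value no longer accessible"); }
    }
}
```

The string returned by Reveal is an ordinary managed string again, so it stays in memory as plain text until the garbage collector reclaims it; keep its scope as short as possible.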