Securing State Data
Applications that handle sensitive data or make any kind of security decisions need to keep that data under their own control and must not allow other, potentially malicious code to access the data directly. The best way to protect data in memory is to declare the data as private or internal (with scope limited to the same assembly) variables. However, even this data can still be accessed in the following ways, which you should be aware of:
- Using reflection mechanisms, highly trusted code that can reference your object can get and set private members.
- Using serialization, highly trusted code can effectively get and set private members if it can access the corresponding data in the serialized form of the object.
- Under debugging, this data can be read.
Make sure none of your own methods or properties exposes these values unintentionally.
In some cases, data can be declared as "protected," with access limited to the class and its derivatives. However, because this increases exposure, you should take the following additional precautions:
- Control what code is allowed to derive from your class by restricting it to the same assembly or by using declarative security, described in Securing Method Access, to require some identity or permissions in order for code to derive from your class.
- Ensure that all derived classes implement similar protection or are sealed.
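The following C# sketch is an added example, not code from the original page. It shows the reflection exposure of a private field described above, together with the two precautions for protected data (derivation restricted to the same assembly, and a sealed derived class). The type and member names (SessionState, AdminSessionState, token, IsElevated) and the sample token value are hypothetical.

```csharp
using System;
using System.Reflection;

// Hypothetical types for illustration; none of these names come from the page.
public class SessionState
{
    // Private: hidden from ordinary callers, but not from reflection.
    private string token = "constructed-sample-token";

    // Internal constructor: only code in this assembly can instantiate or derive.
    internal SessionState() { }

    // Protected state is visible to every derived class,
    // which is why derivation is restricted by the constructor above.
    protected bool IsElevated;

    // Exposes a fact about the token, never the value itself.
    public bool HasToken => !string.IsNullOrEmpty(token);
}

// Sealed: no further class can derive from this one to reach IsElevated.
public sealed class AdminSessionState : SessionState
{
    internal AdminSessionState() { IsElevated = true; }
    public bool Elevated => IsElevated;
}

public static class Program
{
    public static void Main()
    {
        var state = new AdminSessionState();

        // Code that holds a reference to the object and has sufficient trust
        // can look up the private field by name and bypass 'private'.
        FieldInfo field = typeof(SessionState).GetField(
            "token", BindingFlags.Instance | BindingFlags.NonPublic);

        Console.WriteLine("read via reflection: " + field.GetValue(state));

        // The same handle can also overwrite the private value.
        field.SetValue(state, null);
        Console.WriteLine("HasToken after reflective write: " + state.HasToken);
        Console.WriteLine("elevated: " + state.Elevated);
    }
}
```

A class in another assembly cannot derive from SessionState because it cannot call the internal constructor, and it cannot derive from AdminSessionState because that class is sealed.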