Getting error when I pass the SecureString variable in a Assign activity

Hi, Can anybody please tell me the SecureString is accepted only in the Type in Secure Activity or we can use in any activity also.
Because I am getting error when I pass the secureString variable in a assign acivity.
Note - DB_Password is a secure String type.
But when I give .ToString after DB_Password it’s Okay. But suppose I should not give a .ToString because if we pass same in TypeSecure Activity there we don’t need to convert into string type.
image
@Palaniyappan @Lahiru.Fernando

What error? Please provide more details.

1 Like

Hi @KannanSuresh please see the updated post. Thanks

you can directly use the secure string as it is in type secure text activity, or in assign activity which also expects a secure string…

however, you can use several logics to transform the data in the secure string to a normal string as well. That will allow you to use that data in other places. but I don’t think this is a good approach as secure string usually contains passwords.

So for your scenario, i think you will need to convert the secure string to a string to use in the connection string you have built there…

For that, refer to this

You have to convert SecureString to String.

string dbPasswordString = new System.Net.NetworkCredential(string.Empty,DB_Password).Password

Hi Lahiru, Thanks bro.
I am not able to open the given sample workflow.

1 Like
1 Like

Hi @Lahiru.Fernando @KannanSuresh As I went throw the sample, I don’t think this a good idea.
Actually we’re using SecureString to prevent password visible from another person.
But here if we convert from SecureString to String we can see the password. The what is the use of using Secure String. ?? Please suggest me.

1 Like

Yes… I agree… But I’m not sure whether there is any other way to pass a secure string without converting into a string to a db connection… :thinking:

it accepts only string as I know… :thinking:

1 Like
  • The purpose of SecureString is to avoid having secrets stored in the process memory as plain text.
  • However, even on Windows, SecureString doesn’t exist as an OS concept.
    • It just makes the window getting the plain text shorter; it doesn’t fully prevent it as .NET still has to convert the string to a plain text representation.
    • The benefit is that the plain text representation doesn’t hang around as an instance of System.String – the lifetime of the native buffer is shorter.
  • The contents of the array is unencrypted except on .NET Framework.
    • In .NET Framework, the contents of the internal char array is encrypted. .NET doesn’t support encryption in all environments, either due to missing APIs or key management issues.

Hey @balkishan

SecureString really designed for secure communication with secure non-managed APIs.SecureString is really only useful in a client app, where for example a password is built character by character from user input.

Main advantage of using secure string over string was, that if you will use simple string for holding user private information, possible that malicious code will have access to it by executing dump of your process memory and could still access a data available in that memory location, so access the private information but In case of SecureString, instead, that location will be erased so even on memory dump you will not see anything related to the string used in your code.

one possible solution is by using windows authentication so you can out for username and password in connection string :slight_smile:

or
from .NET 4.5, Microsoft has introduced a class called SqlCredential.
it accepts securestring as a password.

SqlCredential (string userId, System.Security.SecureString password);

For More Info Refer - SqlCredential

Regards…!!
Aksh

Hi guys,

We are trying to use sharepoint activity and when try to use username password to login to site , it throws error as it is expecting us to pass string instead of secure string…

But securestring is what we want to use and we have enabled that as a workflow analyzer rule to throw error on such breaches.

so in a way, we are blocked currently. Can anyone help me if there is any way we can pass secure string via sharepoint activity in uipath?

An early response would be really helpful.

Regards
Sonali