社内システムにログインする際に、パスワードはSecure String型で変数作成するように教わりましたが、Secure String型変数を生成する際に、パスワード本体がハードコーディングされています。下記の構文の"パスワード"がパスワード本体
New System.Net.NetworkCredential(String.Empty,“パスワード”).SecurePassword
これではセキュアでないと思うのですが、パスワードをSecure String型で変数作成する意味は何でしょうか?パスワード入力時に眼に見えないくらいのセキュリティレベルでしょうか。
Hi @gorby
When creating a SecureString variable to store a password, it is important to ensure that the password is not hardcoded directly in the code, as you correctly pointed out. Storing the password directly in the code would defeat the purpose of using a SecureString.
The main advantage of using a SecureString to store a password is to enhance the security and protection of sensitive information, such as passwords, in memory. Unlike a regular string, a SecureString encrypts the characters and stores them in an encrypted format in memory. This helps to prevent the password from being easily accessible or readable by malicious actors who may try to exploit the application.
Regards!
Thank you for your reply.
Are there any means to prevent SecureString from hardcoded?
Hello,
You could store the credential in Orchestrator as a Credential Asset, or in Windows Credential Manager if you do not have an Orchestrator available.
If stored in Orchestrator, use Get Credential activity to get the username / password ( Activities - Get Credential / Get Orchestrator Credential (uipath.com)). If stored in Windows Credential Manager, use the Get Secure Credential activity to get the username / password (Activities - Get Secure Credential (uipath.com))
As you are the developer, you should ensure the security of the project, in this case the best way is using orchestrator assets
Regards
Sorry, but we do not have UiPath orchestrator.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.
Anil_G
fernando_zuluaga
selinsecmen
arjunshenoy
Snowman
Suresh_Reddy
jackie.yue