It’s important to understand what SecureString can and can’t do. Yes, it isn’t a great story that different activities require different inputs (some require SecureString and others require a string) and this is something we will evaluate going forward at UiPath. However, even Microsoft in their official docs now discourages the use of SecureString as it does very little to improve security in most cases and the name implies security where very little is added. See “Secure string shouldn’t be used”, as linked from the SecureString class documentation.
Saying “requiring the conversion to a string will result in the contents being exposed” is a good example of the name “Secure” implying security where it doesn’t actually exist. SecureString does not in any way protect the contents of the SecureString from being accessed by a legitimate user on the machine. The contents of the SecureString are stored unencrypted in memory in plain text during the lifetime of the SecureString object. What SecureString does is make sure that when it goes out of scope, the contents are erased; they don’t have to wait to be garbage collected. This has some value in a server process that is taking things like passwords from users, so if a hacker is able to collect a memory dump there will be fewer out-of-scope values available that are waiting to be garbage collected, but it doesn’t protect anything that is in scope.
The more important things to account for when designing a process that uses passwords are:
- Make sure passwords are never stored with the source of the process (e.g. Uber was hacked because credential information was checked into source control).
- If a password is very sensitive such that you don’t want a developer to have access to it, make sure it’s retrieved in a way that allows different values to be used during development vs. in production, and ensure only the production team knows the production credentials.
- Ensure good practices of what the automation does with the password. Whether it’s stored as a string or a SecureString the more important thing is understanding what the automation is doing with the password. A “Type Secure Text” activity will type the contents into any field. It’s much more likely to have a security problem due to typing secret information somewhere it shouldn’t be (e.g. into some field that ends up in a plain text log as happened to Twitter) than someone getting the value from process memory between the time it was disposed and actually garbage collected.
- For extra sensitive things, use frequent credential rotation.
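
An added C# example illustrating the post above (not code from the original post or from UiPath): any code running in the process can read a SecureString back, and what the type contributes is deterministic erasure on `Dispose()`. The helper name `WithPlaintext` and the sample password are constructed for this illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo
{
    // Hypothetical helper: exposes the secret as a char[] for the shortest
    // possible time, then wipes both the unmanaged and the managed copy.
    // No immutable System.String holding the secret is created here.
    static void WithPlaintext(SecureString secret, Action<char[]> use)
    {
        IntPtr bstr = IntPtr.Zero;
        char[] buffer = new char[secret.Length];
        try
        {
            bstr = Marshal.SecureStringToBSTR(secret);   // plaintext copy in unmanaged memory
            Marshal.Copy(bstr, buffer, 0, buffer.Length);
            use(buffer);
        }
        finally
        {
            // Best effort: the array is not pinned, so the GC may have moved it earlier.
            Array.Clear(buffer, 0, buffer.Length);
            if (bstr != IntPtr.Zero) Marshal.ZeroFreeBSTR(bstr); // zero, then free
        }
    }

    static void Main()
    {
        // Constructed sample value. A literal like this already lives in memory
        // as a normal string; real secrets should come from a credential store.
        var secret = new SecureString();
        foreach (char c in "constructed-sample-pw") secret.AppendChar(c);
        secret.MakeReadOnly();

        // 1. In-scope contents are available to any code holding the reference.
        WithPlaintext(secret, chars =>
            Console.WriteLine("Readable in-process, length " + chars.Length));

        // 2. Dispose() erases the contents immediately instead of waiting for GC.
        secret.Dispose();
        try { _ = secret.Length; }
        catch (ObjectDisposedException)
        {
            Console.WriteLine("Disposed: contents erased, object no longer usable");
        }
    }
}
```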