Commented Issue: Passwords in memory [1169]

<p>Hello!</p>
<p>&nbsp;</p>
<p>I wrote a simple application for forwarding local ports, it works great and was really easy!</p>
<p>&nbsp;</p>
<p>But i have one concern, when investigating the memory of my application i found that my password was found no less then 13 times. I tried to remove it but setting _password (in PasswordConnectionInfo) to null after successful authentication but without luck.</p>
<p>&nbsp;</p>
<p>Would it be possible to either encrypt the password stored in memory or after authentication, remove it completely from memory?</p>
<p>&nbsp;</p>
<p> </p>
<p>&nbsp;</p>
<p>Also, my application clears the passwordbox used for entering the password. This is how i establish a connection:</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>void initSSHClient()</p>
<p> {</p>
<p> client = new SshClient(tbHost.Text, tbUsername.Text, pbPassword.Password);</p>
<p> client.ConnectionInfo.AuthenticationBanner &amp;#43;= new EventHandler&lt;Renci.SshNet.Common.AuthenticationBannerEventArgs&gt;(ConnectionInfo_AuthenticationBanner);</p>
<p> client.Connect();</p>
<p> if (client.IsConnected)</p>
<p> {</p>
<p> pbPassword.Clear();</p>
<p> }</p>
<p> }</p>

Comments: ** Comment from web user: olegkap **

Hey Guys,
Sorry could not address this issue earlier. Didnt have time for this project for a while.
I added ability to provide password as byte array, which you can clean up later after you connected.
Please let me know if this will fix your issue.

Thanks,
Oleg