Safety benefits of the Password in WPF PasswordBox

Published 2019-05-13 05:25

I just stumbled across the fact that the Password property of WPF PasswordBoxes is not bindable for security reasons, which makes using them quite cumbersome in a MVVM context. Answers like https://stackoverflow.com/a/1493330/3198247 suggest that otherwise, the password might be stored in plain text in memory at runtime, which would be a bad idea since it could potentially be read by malware.

However, I still don't seem to understand the reason in general or that answer. There, it says "Keeping your password in plain text on the client machine RAM is a security no-no." However, the password is in memory as soon as it is typed, as I'm able to access it from code. So why would malware not be able to read it directly from the textbox? Am I missing another point here?

edit: To clarify, esp. w/ regards to Sheridan's answer: Assume a PasswordBox where a user types "pw" as his password. Then, clearly "pw" is in memory as I can retrieve it via PasswordBox.Password. Why is it then insecure to additionally be able to bind it to a string property of a ViewModel? Then, "pw" would at most be contained in two strings, but as far as I can see, this should not make it any more or less secure. Or is the point really to "remind" the programmer that the PW should not be stored for longer than needed?

Tags: c# wpf passwords
2 answers
放我归山
#2 -- · 2019-05-13 05:56

You are missing something.

Plain passwords should never be stored in a database. Instead, passwords are encrypted and then stored in the database. When a user tries to log in, they type their text which you should immediately encrypt and compare to the encrypted password from the database.

Therefore, we never see the unencrypted password, either in the database, or the code.

#3 -- · 2019-05-13 05:57

Have a read of this answer: Why is char[] preferred over String for passwords? I know it is Java but I believe the same rules apply. But depending on the level of security required for your system it should be enough. There are always ways that malware will obtain information, e.g. keylogging, but there's only so much you can do.

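As an added illustration of what both answers describe (this is example code, not from either answer or from WPF itself), assuming a .NET Core / .NET 5+ WPF app: take `PasswordBox.SecurePassword`, derive a PBKDF2 hash from it without ever creating a managed `string`, wipe the temporary buffers, and compare hashes in constant time. The class and method names (`PasswordHasher`, `DeriveKey`, `Verify`) are my own choices.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not part of WPF). Caller passes passwordBox.SecurePassword.
public static class PasswordHasher
{
    private const int Iterations = 100_000;
    private const int KeyLength = 32;

    // Derive a key from the SecureString without materializing a System.String.
    public static byte[] DeriveKey(SecureString password, byte[] salt)
    {
        IntPtr unmanaged = IntPtr.Zero;
        byte[] utf8 = null;
        try
        {
            // Decrypt into unmanaged memory (UTF-16); a managed string would be
            // immutable and linger on the GC heap until collected.
            unmanaged = Marshal.SecureStringToGlobalAllocUnicode(password);
            var chars = new char[password.Length];
            Marshal.Copy(unmanaged, chars, 0, chars.Length);
            utf8 = Encoding.UTF8.GetBytes(chars);
            Array.Clear(chars, 0, chars.Length); // a char[] can be wiped, a string cannot
            using (var kdf = new Rfc2898DeriveBytes(utf8, salt, Iterations, HashAlgorithmName.SHA256))
            {
                return kdf.GetBytes(KeyLength);
            }
        }
        finally
        {
            if (utf8 != null) Array.Clear(utf8, 0, utf8.Length);
            // Zero and release the unmanaged copy in one call.
            if (unmanaged != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(unmanaged);
        }
    }

    // Compare against the stored hash in constant time, then wipe the candidate.
    public static bool Verify(SecureString password, byte[] salt, byte[] storedKey)
    {
        byte[] candidate = DeriveKey(password, salt);
        try { return CryptographicOperations.FixedTimeEquals(candidate, storedKey); }
        finally { Array.Clear(candidate, 0, candidate.Length); }
    }
}
```

The managed `char[]` and `byte[]` can still be copied by the garbage collector before they are cleared, so this narrows the window rather than eliminating it, which is the point the first answer makes about not keeping the plain password around longer than needed.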