I have a C # application that receives an array of bytes from an external service representing a UTF-8 encoded XML message. This XML data contains sensitive data that I would prefer not to store in a string object, since the strings are immutable and I cannot erase the values ββwhen I finish with them. I am currently using System.XML.XmlReader to parse values ββas strings (see code below). How can I do this without my code (or the code that I call) to store sensitive data as a string?
byte[] messsage = Encoding.UTF8.GetBytes(request);
sslStream.Write(messsage);
sslStream.Flush();
byte[] buffer = new byte[2048];
StringBuilder messageData = new StringBuilder();
int bytes = -1;
do
{
bytes = sslStream.Read(buffer, 0, buffer.Length);
Decoder decoder = Encoding.UTF8.GetDecoder();
char[] chars = new char[decoder.GetCharCount(buffer, 0, bytes)];
decoder.GetChars(buffer, 0, bytes, chars, 0);
messageData.Append(chars);
if (messageData.ToString().IndexOf(expectedEndTag) != -1)
{
break;
}
} while (bytes > 0);
string response = messageData.ToString();
using (XmlReader reader = XmlReader.Create(new StringReader(response)))
{
reader.ReadToFollowing("Success");
string successVal = reader.ReadElementContentAsString();
success = bool.Parse(successVal);
}
source
share