If I write a C# app and compile to .NET, or .NET Core, or even Mono, can external apps access the memory in the running process?
I.e. if I write this line of code:
var password = "some password";
Could a piece of malware scan through the memory addresses of the process and get the string?
I guess the question is somewhat OS specific. And, I guess it would also depend on what access privileges the malware has, right? I'm guessing that answer to my question would be different from say MacOS/Linux to Windows, right?
Edit: Is there any conceivable way of protecting a string in memory? Is there some encryption mechanism that could achieve this?
One thing I can do to mitigate the problem is to use SecureString. But, it's not perfect:
Microsoft's recommended approach is to:
Instead of using SecureString to protect passwords, the recommended
alternative is to use an opaque handle to credentials that are stored
outside of the process.
Although, this isn't a concrete answer. It's too abstract for me to understand what they are recommending I do.