Update a comment in Credential.cs to make it accurate (#3194)

2017-02-24 16:55:50 -08:00 · 2017-02-24 16:55:50 -08:00 · 21c8a90cc1
parent 254afcba04
commit 21c8a90cc1
1 changed files with 4 additions and 3 deletions
--- a/src/System.Management.Automation/engine/Credential.cs
+++ b/src/System.Management.Automation/engine/Credential.cs
@ -273,9 +273,10 @@ namespace System.Management.Automation
                if (IsValidUserName(_userName, out user, out domain))
                {
 #if CORECLR
-                    // NetworkCredential constructor only accepts plain string password in CoreCLR
-                    // Since user can already access the plain text password via PSCredential.GetNetworkCredential().Password,
-                    // this change won't be a security issue for PS on CSS.
+                    // NetworkCredential constructor only accepts plain string password in .NET Core.
+                    // TODO: This raises security concerns about having the plain string password in memory
+                    // for an indefinite period of time. So we need to change back to the constructor that 
+                    // takes a SecureString password once it becomes available in .NET Core.
                    IntPtr unmanagedPtr = IntPtr.Zero;
                    try
                    {