Doubt regarding Plain text password use at dotnet class.

Hello Team,

This query is about security.

I am creating a DirectoryEntry object using DirectoryEntry (string path, string username, string password) constructor at PowerShell. As you can see the constructor expecting string only, so I can’t use secure string to construct the object. So I am building the object by supplying plain text password using GetNetworkCredential() method of pscredential object (by enumerating password property).

Now my concern is about the security as I mentioned above. I cannot see/found any other option for building the object using secure credential. So is it a secure way to build the object using plain text password? I am not sure about the background mechanism of how this class works. So if someone sniffing the network, will he/she able to see the password? If so, how can I manage this situation?



IMO, It’s okay. In fact the DirectoryEntry class accepts only string.