You are correct. And that's why there is a $host.UI.PromptForCredential "requirement" in a PowerShell host.
However, as I know that YOU know, security must always be balanced against usability. :-) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Monday, November 07, 2011 11:27 AM To: MS-Exchange Admin Issues Subject: Re: Slightly OT: Creating Explicit Credentials in PowerShell for WMI, Exchange, Lync, Remoting, etc. Just note that, AFAIK, the intended purpose of SecureString is to avoid storing the entire password verbatim in memory where a malicious program could discover it, and passing in a string argument means the CLR might intern that string for a while... this is why SecureString has no string constructor. I know, I know, it's pretty tough to avoid reading a password as a string unless you're prompting the user for char-by-char console input... or maybe reading one char at a time from a crypto stream... --Steve On Mon, Nov 7, 2011 at 11:08 AM, Michael B. Smith <mich...@smithcons.com> wrote: > New blog post: Creating Explicit Credentials in #PowerShell for WMI, > #Exchange, #Lync, Remoting, etc. > http://theessentialexchange.com/blogs/michael/archive/2011/11/07/creating-explicit-credentials-in-powershell-for-wmi-exchange-lync-remoting-etc.aspx > http://bit.ly/vKfIMN > > Regards, > > Michael B. Smith > Consultant and Exchange MVP > http://TheEssentialExchange.com > > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist > > --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
