Developing ASP.NET MVC Web Applications — Question 28

You are developing an ASP.NET MVC application that will run in a shared environment.
The application requests the user's password, and then uses the password to sign data.
You need to minimize the potential for the password to be discovered by other processes that run in the shared environment. What should you do?

Answer options

• A. Add the SecuritySafeCriticalAttribute attribute to the methods which process the password.
• B. Store the password in a SecureString instance.
• C. Encrypt the password on the web page, and decrypt the password in the MVC application.
• D. Run the code that processes the password in its own AppDomain.

Correct answer: D

Explanation

Running the code that processes the password in its own AppDomain isolates it from other processes, thereby minimizing exposure. The other options either do not provide sufficient protection against discovery or do not address the shared environment risks effectively.