
Will SecureString give me any advantage when it comes to MSIL decompilation?

Is it in any way better to do this

char[] sec = { 'a', 'b', 'c'};

SecureString s = new SecureString();
foreach (char c in sec) {
    s.AppendChar(c);
}

IntPtr pointerName = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(s);
String secret = System.Runtime.InteropServices.Marshal.PtrToStringBSTR(pointerName);

than this

String secret = "abc";

or this

char[] sec = { 'a', 'b', 'c'};
String secret = new String(sec);

if I want to protect "abc" from being detected in decompiled MSIL code?


SecureString will protect your string once in memory; the string compiled into your MSIL will still be there in plain. If you need to hide sensitive information, consider something like an encrypted app.config as described here: http://weblogs.asp.net/jgalloway/archive/2008/04/13/encrypting-passwords-in-a-net-app-config-file.aspx

HTH Dominik
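
The point made in the answer above can be checked from the defender's side by auditing an assembly for literals that shipped in its metadata. The following is an added example, not code from the question or either answer. It assumes modern .NET (where System.Reflection.Metadata is available), an assembly that exists on disk, and the constructed placeholder secret "abc"; the class and method names are hypothetical. It covers only the string-literal case, not the char[] initializer.

```csharp
// Added example: lists the string literals stored in an assembly's #US heap.
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection.Metadata;
using System.Reflection.Metadata.Ecma335;
using System.Reflection.PortableExecutable;
using System.Security;

static class LiteralAudit
{
    // Returns every literal in the assembly's #US (user string) heap,
    // which is where the compiler stores "..." constants loaded by ldstr.
    static List<string> UserStrings(string assemblyPath)
    {
        var found = new List<string>();
        using var pe = new PEReader(File.OpenRead(assemblyPath));
        MetadataReader md = pe.GetMetadataReader();
        // Offset 0 is the heap's empty entry; walk from the first real one.
        UserStringHandle h = md.GetNextHandle(MetadataTokens.UserStringHandle(0));
        for (; !h.IsNil; h = md.GetNextHandle(h))
            found.Add(md.GetUserString(h));
        return found;
    }

    static void Main()
    {
        // Constructed placeholder secret, as in the question.
        string literal = "abc";
        using var s = new SecureString();
        foreach (char c in literal) s.AppendChar(c);
        s.MakeReadOnly();

        // Assumption: this runs as a normal on-disk assembly
        // (Assembly.Location is empty for single-file deployments).
        string self = typeof(LiteralAudit).Assembly.Location;
        List<string> literals = UserStrings(self);

        Console.WriteLine($"{literals.Count} literal(s) in {Path.GetFileName(self)}");
        Console.WriteLine(literals.Contains(literal)
            ? "The literal is stored in the assembly despite the SecureString wrapper."
            : "The literal was not found in the #US heap.");
    }
}
```

Pointing `UserStrings` at a release build is a quick pre-ship check for credentials that were left in source as literals.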


No. SecureString exists to prevent sensitive text (such as passwords) from being held in memory.
