This probably sounds like a terrible idea at first glance, but here is my scenario: I have a Windows service that exposes several WCF endpoints using Username authentication. The custom authenticator will either look up the user's credentials in a local database (password is stored as salted SHA-1), or it will make a WCF request to another service to validate the password. (There is an enum on the User object that can be Internal or External, indicating which authentication source to use).
I'm finding that performing either the lookup+hash check or making the WCF call is expensive to do on every single request to my service, so I would like to cache username/password information. Each item in the cache would have a lifetime, so for instance if the item in the cache is 60 seconds old, upon the next request the authenticator will verify the credentials against the original source instead of the cache, and then update it.
For the local database, I could simply store the username/SHA1 pair in a Dictionary, and on each request from an "Internal" user I would just have to re-hash the supplied password and compare it. For an "External" user, I would only have the plaintext password submitted to the authenticator, so it would be up to me to hash it and store it as part of the cache. Although this certainly saves me the overhead of a database request or a remote service call, I still have to perform the hash operation each time.
The service in question will run on an internal server with good physical as well as network security. Is it an acceptable practice to store the plaintext password in the cache instead of storing a hashed version? In that case my risk seems to be an attacker dumping the memory of the process and getting the passwords. If I consider that risk acceptable, is there any other reason I should avoid having the plaintext passwords in memory?
If I opt to use plaintext passwords, I think that SecureString could limit my risk to an extent. Is it worth the trouble to use SecureString (implementing it seems very roundabout)? I am well aware of the risk of persistently storing passwords un-hashed, however I'm not sure what the consensus seems to be on volatile storage of plaintext passwords.
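The caching scheme described in the question, shown as an added example that is not part of the original post: entries expire after a lifetime and hold a keyed digest of the password rather than the plaintext. The class name, the `validateAtSource` delegate (standing in for the database lookup or the remote WCF check) and the choice of HMAC-SHA256 with a per-process random key are assumptions of this example.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
// Added example (hypothetical names): TTL cache holding a keyed digest, never the plaintext.
public sealed class CredentialCache
{
    private sealed class Entry { public byte[] Mac; public DateTime VerifiedUtc; }
    private readonly ConcurrentDictionary<string, Entry> _entries =
        new ConcurrentDictionary<string, Entry>();
    private readonly byte[] _key = new byte[32];   // random per process, never persisted
    private readonly TimeSpan _lifetime;           // e.g. 60 seconds, as in the question
    private readonly Func<string, string, bool> _validateAtSource; // database or remote check
    private readonly Func<DateTime> _utcNow;       // injectable clock for testing

    public CredentialCache(TimeSpan lifetime, Func<string, string, bool> validateAtSource,
                           Func<DateTime> utcNow = null)
    {
        _lifetime = lifetime;
        _validateAtSource = validateAtSource;
        _utcNow = utcNow ?? (() => DateTime.UtcNow);
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(_key);
    }

    public bool Validate(string userName, string password)
    {
        byte[] mac = ComputeMac(userName, password);
        Entry hit;
        if (_entries.TryGetValue(userName, out hit)
            && _utcNow() - hit.VerifiedUtc < _lifetime
            && FixedTimeEquals(hit.Mac, mac))
            return true;                           // fresh entry and same password
        // Miss, expired entry or different password: ask the original source.
        if (!_validateAtSource(userName, password)) return false;
        _entries[userName] = new Entry { Mac = mac, VerifiedUtc = _utcNow() };
        return true;
    }

    private byte[] ComputeMac(string userName, string password)
    {
        using (var hmac = new HMACSHA256(_key))    // binds the digest to this user and process
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(userName + "\0" + password));
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;            // compare without an early exit
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

A password that does not match the cached digest always falls through to the original source, so a changed password is accepted immediately, while the old one keeps working until its entry expires or is replaced. A memory dump of this cache yields the key and digests, which allow offline guessing but do not hand over the passwords directly.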