I need help understanding Silverlight 4 security


Does anyone else think Silverlight 4 security is a bit screwball?

Look at the following scenario:

  1. Silverlight, when set as a trusted app and run in out-of-browser mode, allows you to browse for a file using the file open dialog.
  2. You require the name and path of the file to open it with COM automation, for example Excel/Word, anything.
  3. It is impossible to get the full path of the file from the dialog because of security restrictions.
  4. You can, using the COM FileSystemObject, do whatever you want to the user's file system, including create folders and move and delete files.

So in other words, why the fuss about security in Silverlight, which hinders real business use cases, when it is possible to access the file anyway using COM?

To put it another way, if a user runs a malicious Silverlight app, it is unlikely they'll say, oh, COM is at fault. COM is after all being called by the Silverlight app.

Here is what I mean...

  • The user browses to a file - c:\myfile.xls
  • Silverlight prevents getting the path (for security reasons)
  • Silverlight lets you work with documents
  • Using COM I can do whatever I want to the file system in the background anyway, including copying the file to documents, if I knew the name! Besides, I can potentially wipe the file if it is not in use.

In my opinion the Silverlight security model is flawed. They either should have given developers full trust and allowed us to run apps as if running locally

or

not allowed Silverlight to access COM.

Is it just me, or can anyone else see that this is a bad implementation?

This triggers security alerts:

    // Asking the dialog's FileInfo for the full path
    OpenFileDialog flDialog = new OpenFileDialog();
    FileInfo fs = flDialog.File;
    string fileName = fs.FullName;

This doesn't:

    // Going through COM automation instead
    dynamic fileSystem = AutomationFactory.CreateObject("Scripting.FileSystemObject");
    fileSystem.CopyFile(anyFileName, anyDestination);

I don't agree with your point of view. The fact that you can do pretty much anything with an installed COM object is not a reason to modify a whole bunch of existing Silverlight code to allow the same things.

Why? Because in the process of opening that code up there is an increased chance that, in some unintended way, the same code could be run when the Silverlight component is not running in trusted mode. If that happened once, the media would be on it in a shot, and Silverlight's reputation would, unfairly, be in tatters.

Personally I'm quite happy with the cautious approach to security that MS is taking with Silverlight.
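
As an added illustration of the concern in the answer above (trusted-only code being reached when the component is not running in trusted mode), and not code from either poster: a sketch that keeps the COM path behind an explicit trust check and uses the stream returned by the dialog for the sandboxed case. The class and method names are hypothetical; the Silverlight 4 APIs used are `Application.IsRunningOutOfBrowser`, `Application.HasElevatedPermissions`, `AutomationFactory.IsAvailable` and `OpenFileDialog.File`.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices.Automation;
using System.Windows;
using System.Windows.Controls;

// Hypothetical helper; requires a reference to Microsoft.CSharp for 'dynamic'.
public static class TrustedFileAccess
{
    // True only when the app is installed out-of-browser, the user accepted
    // elevated trust, and the platform exposes COM automation.
    public static bool CanUseComAutomation()
    {
        Application app = Application.Current;
        return app.IsRunningOutOfBrowser
            && app.HasElevatedPermissions
            && AutomationFactory.IsAvailable;
    }

    // Sandbox-safe route: read the file the user picked through the stream
    // the dialog hands back, never through its path.
    // Must be called from a user-initiated event handler (e.g. a button click).
    public static byte[] ReadUserSelectedFile()
    {
        var dialog = new OpenFileDialog { Multiselect = false };
        if (dialog.ShowDialog() != true)
            return null; // user cancelled

        using (Stream stream = dialog.File.OpenRead())
        {
            var buffer = new byte[stream.Length];
            int offset = 0, read;
            while (offset < buffer.Length &&
                   (read = stream.Read(buffer, offset, buffer.Length - offset)) > 0)
                offset += read;
            return buffer;
        }
    }

    // Elevated route: refuse up front rather than letting the same code path
    // be attempted when the component is loaded without elevated trust.
    public static void CopyWithCom(string source, string destination)
    {
        if (!CanUseComAutomation())
            throw new InvalidOperationException(
                "COM automation requires an elevated-trust out-of-browser install.");

        dynamic fileSystem = AutomationFactory.CreateObject("Scripting.FileSystemObject");
        fileSystem.CopyFile(source, destination);
    }
}
```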

