  1. POI need help understanding Silverlight 4 security
    <p>Does anyone else think Silverlight 4 security is a bit screwball?</p>
    <p>Look at the following scenario:</p>
    <ol>
    <li>Silverlight, when set to trusted app and run in out-of-browser mode, allows you to browse for a file using the file open dialog.</li>
    <li>You require the name of the path of the file to open it up from any COM automation. For example (Excel/Word), but this could be anything.</li>
    <li>It is impossible to get the full path of the file from the dialog because of security restrictions.</li>
    <li>You can, however, using COM FileSystemObject, do whatever you want to the user's file system, including create folders, move and delete files.</li>
    </ol>
    <p>So in other words, why all the fuss about security in Silverlight, which actually hinders real business use cases, when it's possible to access any file anyways using COM?</p>
    <p>To say it another way, if a user runs a malicious Silverlight app, it's unlikely they'll say - oh well, it was COM at fault. The COM was after all being called by a Silverlight app.</p>
    <p>Here is what I mean....</p>
    <ul>
    <li>User browses for file - c:\myFile.xls</li>
    <li>Silverlight prevents you from getting the path (for security reasons)</li>
    <li>Silverlight only lets you work with My Documents</li>
    <li>Using COM you can do whatever you want to the file system in the background anyways. Including copying that file now to My Documents, if only you knew the name! But besides that you can wipe any file potentially if it's not in use.</li>
    </ul>
    <p>In my opinion the Silverlight security model is flawed, either they should have given developers full trust and allowed us to run apps as if they were running locally</p>
    <p>or</p>
    <p>Not allowed Silverlight to access COM.</p>
    <p>Is it just me, or can anyone else see that it's a bad implementation?</p>
    <p>This triggers security alerts:</p>
    <pre><code>OpenFileDialog flDialog = new OpenFileDialog();
if (flDialog.ShowDialog() == true)    // File stays null until the user picks a file
{
    FileInfo fs = flDialog.File;
    string fileName = fs.FullName;    // the access that triggers the security alert
}
</code></pre>
    <p>This doesn't:</p>
    <pre><code>// AutomationFactory lives in System.Runtime.InteropServices.Automation
dynamic fileSystem = AutomationFactory.CreateObject("Scripting.FileSystemObject");
fileSystem.CopyFile(anyFileName, anyDestination);
</code></pre>
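One way to cover the Excel/Word case from the question without reading the picked file's path, as an added example that is not part of the original post: read the selection through the dialog's stream, copy it into My Documents, and hand the copy's path to COM. `PickedFileBridge` and its method names are hypothetical; the code assumes a Silverlight 4 elevated-trust out-of-browser app on Windows with Excel installed and a project reference to Microsoft.CSharp.dll for `dynamic`.

```csharp
// Added example, not code from the original post.
using System;
using System.IO;
using System.Runtime.InteropServices.Automation;
using System.Windows;
using System.Windows.Controls;

public static class PickedFileBridge   // hypothetical helper class
{
    // Copies the file the user picked into My Documents and returns the full
    // path of the copy, or null if the dialog was cancelled.
    // Call this from a user-initiated handler such as a button click.
    public static string CopyPickedFileToMyDocuments()
    {
        var dialog = new OpenFileDialog { Multiselect = false };
        if (dialog.ShowDialog() != true)
            return null;

        // Only the bare file name and a read stream are taken from the dialog;
        // the path properties the post reports as blocked are never touched.
        string safeName = Path.GetFileName(dialog.File.Name);
        string target = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments), safeName);

        using (Stream source = dialog.File.OpenRead())
        // CreateNew throws IOException instead of overwriting an existing document.
        using (Stream dest = new FileStream(target, FileMode.CreateNew))
        {
            var buffer = new byte[64 * 1024];
            int read;
            while ((read = source.Read(buffer, 0, buffer.Length)) > 0)
                dest.Write(buffer, 0, read);
        }
        return target;
    }

    public static void OpenPickedFileInExcel()
    {
        // COM automation is offered only to trusted out-of-browser apps on Windows.
        if (!Application.Current.HasElevatedPermissions || !AutomationFactory.IsAvailable)
            return;

        string path = CopyPickedFileToMyDocuments();
        if (path == null)
            return;

        dynamic excel = AutomationFactory.CreateObject("Excel.Application");
        excel.Visible = true;
        excel.Workbooks.Open(path);   // a path the app created itself
    }
}
```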