Is the usage of Isolated Storage in Silverlight 3 a security concern
Question
I am using Silverlight 3 on my website. I have a Login Page for role based authentication, that routes users with different privileges to different parts of the website. I want to use something analogous to the Session Variables available in standard ASP.Net applications.
I intend to use Isolated Storage to achieve this. But I am skeptical about security in this option, as the Isolated Storage exists on the client side, and can be manipulated on client side. I am new to the Isolated Storage concept and don't know about the security options provided by it in terms of Encryption and server-side validation etc. If any of you have used it or are aware of the security provided in this case, could you please shed some light on the same.
Thanks
2 answers
solution1
0 2010-03-24 13:29:43
Here's an idea, why not just use a static instance of a dictionary (to go with a simple example). As you mentioned, silverlight runs on the client side, which means that you don't have to be concerned with other user's state. The dictionary will be persisted as long as the user is using the silverlight app, And every time you go to the page again, the AppDomain will be recreated which is analogous to the user having an empty session state bag re-initialized
solution2
0 2010-08-17 00:48:23
Have a look at the Silverlight Database project which implements an Isolated Storage database. The functionality includes compression and encryption.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.