Silverlight security overview paper has been officially published

https://download.microsoft.com/download/A/1/A/A1A80A28-907C-4C6A-8036-782E3792A408/Silverlight Security Overview.docx (The content hasn't changed since RC but the formatting & presentation has undergone a facelift courtesy John Allwright)

A little background for those who haven't read the previous versions... There's a lot of information in MSDN about Silverlight security, but it's hard to know where to start sometimes. This document tries to give you a lay of the land so you can orient yourself and figure out what details are relevant to you. The other thing it does is it gives an introduction to our security thinking, for example why it's safe for Silverlight to allow sandboxed apps to open files (OpenFileDialog & isolated storage). We don't get into every detail of every security decision we've made, but it will give you a lot of insight into how we choose what to enable in the sandbox.

Comments

  • Anonymous
    May 11, 2010
    On Page 12, you mentioned "We are not aware of any tools that obfuscate xaml." Dotfuscator from PreEmptive Solutions claims to have this ability; however, I have not evaluated it.