MSDN Touting Silverlight Security
Developers commenting on the security model for Microsoft’s Silverlight application development platform have extolled its virtues.
The comments have come from the .NET security blog, in reference to Microsoft’s recently announced Silverlight, a cross-browser, cross-platform plug-in for .NET-based web and rich media applications. James Senior, a Microsoft technical specialist in the U.K., spotted several examples of Silverlight security receiving kudos from developers.
Senior noted how Silverlight applications will be security transparent. They will not contain unverifiable code, or be able to call native code directly.
Applications can access public methods only if the methods are security transparent, or if the method has a SecuritySafeCriticalAttribute.
Senior also referenced posts showing types that can be contained in a Silverlight application, again with an emphasis on security.
The security model will have to stand up to rigorous abuse in the real world once Microsoft and developers begin to ramp up production of Silverlight applications, and they gain more regular use publicly.
Attackers will render a poor security model useless, and if that happens Microsoft will bear the wrath of people victimized by yet another exploit of one of their applications.