Security Overview Silverlight 4 applications. Part 1
At all times, security has been one of the most important parts of all applications. The review consists of two parts. In the first part, I’ll explain how Silverlight protects the end user from malicious sites. In the second - how to make a secure site using Silverlight 4.
Silverlight is a browser plugin for creating Rich Internet Applications (RIA). Silverlight applications are packaged in .xap files — ZIP files containing managed code, a DLL, and xaml markup.
Silverlight applications can be run in 3 security models:
Silverlight follows the basic principles of web security, allowing you to provide additional functionality that is safe to use. Silverlight initially believes that all web pages are potentially harmful and runs applications in the sandbox.
OpenFileDialog / SaveFileDialog - Silverlight allows applications to read and write files on the hard disk, but only after the user selects them in the dialog box. An application can suggest a default file to set the starting position in the file system. The user must initialize the dialog request himself in order to understand which page asks the file, as well as to prevent an endless cycle of pop-up dialog boxes. The saved file Silverlight will mark as “From the Internet” (mark of the web) to show other users that this file has been downloaded from the Internet to a local machine.
')
Isolated storage - Silverlight allows web pages to store data in a special directory on a local hard drive. Data from this domain is stored in isolated storage and cannot be read by applications from other domains. By default, the storage size is limited to 1 MB, but the application may ask the user to increase the frame to 100 MB. Such a dialogue can appear only once per page. User can delete data (like cookies).
Fullscreen mode - Silverlight can enable fullscreen mode. Enabling this mode requires user input. When enabled, Silverlight displays the message “ ESC to exit full screen mode. "Some time. When switching windows Silverlight will exit full screen mode, the application can not prevent this exit. In order to prevent a full-screen application from changing the system password entry screen, applications do not receive alphanumeric keys in this mode.
Webcam and microphone - The Silverlight application can access the webcam and microphone after requesting permission from the user. Once granted permission lasts until the page is closed.
Silverlight applications can print after showing the print dialog. Silverlight applications can read and write plain text to the clipboard , after displaying a security warning. Buffer access also requires user permission in order to prevent malicious sites from monitoring the buffer. If an application is configured using Drag and drop , then users can drag and drop files onto the application, after which it can read the contents of the file as if it were selected in OpenFileDialog. If the application does not handle the right mouse button, then click will display the Silverlight settings menu. If the application processes the right button, the application menu will be displayed. Access to the settings can then be obtained in the Start menu.
For http / https requests, Silverlight supports 2 different types of cross domain security policy files.
As an img tag in HTML, Image and Media in Silverlight can download images and media files from servers without cross domain policy files. To prevent disclosure of information about the place of origin, the application cannot see the contents of these images / media files, or their composite pixels, or distinguish a damaged file from a nonexistent file. In addition to HTTP, Silverlight allows applications to use sockets. Silverlight supports only outgoing sockets not listening (listening sockets). Silverlight 3 supports TCP sockets. Version 4 adds support for a multicast UDP socket.
Installation begins when the user selects “Install” in the context menu of the Silverlight application or when the application launches the installation upon user request. In any case, Silverlight will display a dialog box asking you to install the application from this site.
Applications outside the browser are of two types: trusted and isolated. In contrast, isolated applications in the browser, isolated outside the browser have more storage space - 25 MB instead of 1 MB, because the user himself made a specific decision to install.
Trusted applications run outside the sandbox. You should not install / run trusted applications if you are not ready to start. Exe from the same site. Trusted applications obtain the following additional permissions:
Silverlight is fully developed in the Microsoft's Secure Development Lifecycle (SDL) section. Silverlight is implemented as a combination of managed and native for the system of languages (native). To increase security, managed code is divided into 3 categories: Transparent , SafeCritical , and Critical . Transparent code (by default) runs as isolated (in the sandbox) as the application. Critical and SafeCritical allows you to do unsafe things such as calling unmanaged code. Transparent code cannot directly make calls to the Critical code, so SafeCritical acts as an intermediate layer where more security checks are performed.
In this part we learned about the basic principles and methods of protecting end users of Silverlight. In the next section, I’ll show you how to create a secure site using Silverlight. All references and all literature will be in the second part .
Introduction
Silverlight is a browser plugin for creating Rich Internet Applications (RIA). Silverlight applications are packaged in .xap files — ZIP files containing managed code, a DLL, and xaml markup.
Silverlight applications can be run in 3 security models:
- In browser - the application is launched as part of a web page in a browser, isolated from other pages.
- Out of browser (sandboxed) - the application can be launched from the browser, but can also be installed in the Start menu. Silverlight will ask the user for confirmation before installation. Isolated applications outside the browser have the same privileges as the applications in the browser.
- Out of browser (trusted) - similar applications as out of the browser. Applications can run in the browser (with browser security restrictions). When an application is installed and runs outside the browser, it has additional privileges. Running trusted applications outside the browser is similar to running .EXE — the ability to access user data, the network, and the file system.
How Silverlight protects the end user from malicious sites
Silverlight follows the basic principles of web security, allowing you to provide additional functionality that is safe to use. Silverlight initially believes that all web pages are potentially harmful and runs applications in the sandbox.
Sandbox. Features and limitations
OpenFileDialog / SaveFileDialog - Silverlight allows applications to read and write files on the hard disk, but only after the user selects them in the dialog box. An application can suggest a default file to set the starting position in the file system. The user must initialize the dialog request himself in order to understand which page asks the file, as well as to prevent an endless cycle of pop-up dialog boxes. The saved file Silverlight will mark as “From the Internet” (mark of the web) to show other users that this file has been downloaded from the Internet to a local machine.
')
Isolated storage - Silverlight allows web pages to store data in a special directory on a local hard drive. Data from this domain is stored in isolated storage and cannot be read by applications from other domains. By default, the storage size is limited to 1 MB, but the application may ask the user to increase the frame to 100 MB. Such a dialogue can appear only once per page. User can delete data (like cookies).
Fullscreen mode - Silverlight can enable fullscreen mode. Enabling this mode requires user input. When enabled, Silverlight displays the message “ ESC to exit full screen mode. "Some time. When switching windows Silverlight will exit full screen mode, the application can not prevent this exit. In order to prevent a full-screen application from changing the system password entry screen, applications do not receive alphanumeric keys in this mode.
Webcam and microphone - The Silverlight application can access the webcam and microphone after requesting permission from the user. Once granted permission lasts until the page is closed.
Silverlight applications can print after showing the print dialog. Silverlight applications can read and write plain text to the clipboard , after displaying a security warning. Buffer access also requires user permission in order to prevent malicious sites from monitoring the buffer. If an application is configured using Drag and drop , then users can drag and drop files onto the application, after which it can read the contents of the file as if it were selected in OpenFileDialog. If the application does not handle the right mouse button, then click will display the Silverlight settings menu. If the application processes the right button, the application menu will be displayed. Access to the settings can then be obtained in the Start menu.
Network
For http / https requests, Silverlight supports 2 different types of cross domain security policy files.
- clientaccesspolicy.xml - this file contains a list of domains that can " talk " with a third party, with support for templates of the form * .habr.ru. clientaccesspolicy.xml can also restrict access to certain paths on the server — for example, thirdparty.com/public is allowed and thirdparty.com/private is prohibited
- crossdomain.xml (for compatibility with Adobe Flash) - must be placed in the root directory of the domain that provides access (for example, thirdparty.com/crossdomain.xml ), and must also provide access to all domains: <allow-http-request-headers -from domain = "*" headers = "*" />
As an img tag in HTML, Image and Media in Silverlight can download images and media files from servers without cross domain policy files. To prevent disclosure of information about the place of origin, the application cannot see the contents of these images / media files, or their composite pixels, or distinguish a damaged file from a nonexistent file. In addition to HTTP, Silverlight allows applications to use sockets. Silverlight supports only outgoing sockets not listening (listening sockets). Silverlight 3 supports TCP sockets. Version 4 adds support for a multicast UDP socket.
Applications outside the browser
Installation begins when the user selects “Install” in the context menu of the Silverlight application or when the application launches the installation upon user request. In any case, Silverlight will display a dialog box asking you to install the application from this site.
Applications outside the browser are of two types: trusted and isolated. In contrast, isolated applications in the browser, isolated outside the browser have more storage space - 25 MB instead of 1 MB, because the user himself made a specific decision to install.
Trusted applications run outside the sandbox. You should not install / run trusted applications if you are not ready to start. Exe from the same site. Trusted applications obtain the following additional permissions:
- integrated integration for example COM
- reading and writing files on a local disk (not limited to isolated storage)
- Sockets and cross domain requests are allowed without security policy files.
Sandbox
Silverlight is fully developed in the Microsoft's Secure Development Lifecycle (SDL) section. Silverlight is implemented as a combination of managed and native for the system of languages (native). To increase security, managed code is divided into 3 categories: Transparent , SafeCritical , and Critical . Transparent code (by default) runs as isolated (in the sandbox) as the application. Critical and SafeCritical allows you to do unsafe things such as calling unmanaged code. Transparent code cannot directly make calls to the Critical code, so SafeCritical acts as an intermediate layer where more security checks are performed.
Conclusion
In this part we learned about the basic principles and methods of protecting end users of Silverlight. In the next section, I’ll show you how to create a secure site using Silverlight. All references and all literature will be in the second part .
Source: https://habr.com/ru/post/99079/
All Articles