Silverlight Security Cheat Sheet- May 14, 2007 Over the last week we took a look at the new Silverlight security model. When you're writing a Silverlight application though, there's a lot of information there that you may not want to wade through to get yourself unblocked. Here's a quick cheat sheet highlighting the important points that you'll need to know when working with the Silverlight security model: All applications written for Silverlight are security transparent. This means that they cannot: details Contain...http://blogs.msdn.com/shawnfa/archive/2007/05/14/silverlight-security-cheat-sheet.aspx Silverlight Security III: Inheritance- May 11, 2007 Over the last few days we've looked at the basics of the CoreCLR security model in Silverlight, and how to tell which platform APIs are available for applications to call. Let's wrap up this mini-series on CoreCLR security by looking at how the CoreCLR transparency model interacts with inheritance in the Silverlight platform. From what we already know, we can define a logical ordering among the transparency levels: Transparent (application platform) Safe critical (platform only) ..http://blogs.msdn.com/shawnfa/archive/2007/05/11/silverlight-security-iii-inheritance.aspx Silverlight Security II: What Makes a Method Critical- May 10, 2007 Yesterday we talked about the CoreCLR security model, and how it is built upon the transparency model introduced in the v2.0 .NET Framework. The quick summary was that all Silverlight application code is transparent, and transparent code may only call other transparent code and safe critical code. With that in mind, lets take a look at figuring out how can tell which platform APIs fall into each category ... allowing us to know which APIs our applications are allowed to call. In...http://blogs.msdn.com/shawnfa/archive/2007/05/10/silverlight-security-ii-what-makes-a-meth... The Silverlight Security Model- May 9, 2007 You may have heard a thing or two last week about a little project we like to call Silverlight, including a small version of the CLR that will run in the browser on both Windows and the Mac. (If you haven't grabbed the Silverlight v1.1 alpha bits yet, I highly recommend it -- as well as grabbing the SDK and heading over to the quickstarts site and forums so that you can try it out for yourself). Since the v1.1 release of Silverlight includes a slimmed down version of the CLR, you...http://blogs.msdn.com/shawnfa/archive/2007/05/09/the-silverlight-security-model.aspx Bypassing the Authenticode Signature Check on Startup- May 7, 2007 A while back I wrote about the performance penalty of loading an assembly with an Authenticode signature. The CLR will attempt to verify the signature at load time to generate Publisher evidence for the assembly. However, by default most applications don't need Publisher evidence. Standard CAS policy does not rely on the PublisherMembershipCondition, so unless your application will run on a machine with custom CAS policy modifications, or is intending on satisfying...http://blogs.msdn.com/shawnfa/archive/2007/05/07/bypassing-the-authenticode-signature-chec... |