Channels ▼
RSS

Web Development

The Silverlight 2.0 Security Model



Traditional Web applications are consumed through a special breed of application -- the client browser. Overall, the behavior of the browser hasn't changed much in recent years -- the browser is mostly used to download some content and render it into its client area. When the content is HTML, any embedded JavaScript code will be interpreted and executed. Through JavaScript code, the page author can manipulate elements in the page's Document Object Model (DOM) and trigger remote operations using XMLHttpRequest. In other words, JavaScript is the programming language of the browser and it is used to code any task that the page author wants the page to accomplish.

Since the very early days of the Web, two things appeared as clear as facts:

  • First, the browser can't just be like a dummy 3270 dumb-and-deaf terminal. It needs be interactive and responsive to some extent.
  • Second, enabling downloaded code to run within the user's machine is a security hazard. For this reason, all browsers run JavaScript code in a "sandbox" -- a tightly-controlled hosting environment that prevents access to critical local resources such as hardware and file system. With a sandbox in place, executing untrusted code embedded in Web pages is generally considered safe.

However, JavaScript is not as powerful as required by modern Web pages. Implementing a good user experience is perhaps far beyond the reach of the JavaScript language -- today and in the foreseeable future. That's why new programming environments are emerging specifically designed to build Rich Internet Applications (RIA). Silverlight 2.0 has is just one of these.

Stung by the failure of the ActiveX platform, Microsoft put a lot of attention and effort in the development of Silverlight, especially from a security point of view. Since its first appearance 10 years ago, ActiveX wasn't well received for essentially two reasons -- lack of support for platform interoperability and a poor security model.

Today, Silverlight 2.0 revamps the same core idea of ActiveX -- running user-defined and compiled code within the client browser. However, today Silverlight 2.0 does that in a cross-platform way and using an adequate sandbox to protect the user machine. In this article, I examine the new security model of Silverlight 2.0.

Enter Silverlight 2.0

Shipped with a cross-platform (and obviously thinned down) version of the .NET Framework, Silverlight 2.0 lets developers build rich managed applications that run in virtually any client browsers. As a developer, you can write Silverlight applications using a variety of .NET languages, including C#, Visual Basic, Managed JScript, and also dynamic languages such as IronPython and IronRuby. Figure 1 provides an overview of the Silverlight architecture and breaks the supported .NET Framework into pieces.

[Click image to view at full size]
Figure 1: A view from the interior of the Silverlight 2.0 engine.

The Silverlight 2.0 plug-in is made of a core CLR environment and a brand new Dynamic Language Runtime (DLR) environment made to measure to process dynamic languages such as Python. (IronPython is a Microsoft .NET language with a Python-compatible syntax.) Any code that runs within the CoreCLR may target classes in the Silverlight supported subset of the .NET Framework. This subset includes collections, generics, as well as more specific application programming interfaces such as that for XML parsing, isolated storage, LINQ-to-Objects. Each instance of the Silverlight plug-in is bound to a URL that returns XAML with optional code-behind classes written in any supported language. In Silverlight 2.0, the XAML supports a compatible subset of the full WPF platform along with some specific common controls not available (yet) to the desktop platform.

It is essential to note that Silverlight 2.0 does not require any version of the full .NET Framework to be installed on the client machine. The Silverlight setup program downloads everything that is necessary to enable all the features in Figure 1 on a standard Windows, Mac OSX, or Linux machine. For more information about running Silverlight on Linux, see the Moonlight project, the plug-in's code-name for Linux. Currently, Moonlight is under development.

The Silverlight plug-in measures about 4 MB in size and normally won't take more than just a few seconds to install on a machine. You need to install it only once and you can then successfully navigate to any Web page that hosts Silverlight content using your browser of choice.

Silverlight applications can be deployed to any Web server including Apache on Linux, and always require some sort of host page. You can't just serve plain XAML data to the browser. Instead, you need a host page that sets up the plug-in and make it point to the URL for the XAML content. The host page can be a static HTML files or any server-side generated page: ASP.NET, ASP.NET AJAX, PHP, Java, Python, Ruby, and so forth.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 
Dr. Dobb's TV