Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Attacks on WPF applications

Tags:

.net

security

wpf

What attacks or security vulnerabilities are specific to WPF applications?
To clarify, I'm not asking how to do SQL Injection on WPF apps, or what kind of crypto should I use, or... I'm also not specifically asking about flaws in the Framework, or in WPF itself, rather flaws that might manifest based on improper implementation.
Very specifically, I'm interested on new attacks, or new vectors, that are particular to a client application implemented in WPF. Not specifically XBAP... ClickOnce related issues would be great too.

WPF Skin Skinning Security Concerns would be a good example, though not particularly relevant to my specific need (yet still a valid answer).

like image 549
AviD Avatar asked Jun 24 '10 09:06

AviD

People also ask

Is WPF still relevant 2022?

“WPF would be dead in 2022 because Microsoft doesn't need to be promoting non-mobile and non-cloud technology. But WPF might be alive in that sense if it's the best solution for fulfilling specific customer needs today. Therefore, having a hefty desktop application needs to run on Windows 7 PCs with IE 8.

Is WPF secure?

WPF browser-hosted applications execute within a partial trust security sandbox, by default, which is limited to the default CASInternet zone permission set. This effectively isolates WPF browser-hosted applications from the client computer in the same way that you would expect typical Web applications to be isolated.

Is WPF still viable?

When it comes to a Windows (only) Desktop client, WPF can still be a viable option. The alternatives mentioned above give us many different options to choose from. There is still a very healthy eco-system around Windows Desktop application development, although web and mobile are going through the roof.

Can WPF be targeted to Web browser?

WPF only runs on windows. You can make a type of wpf application called xbap which runs in a browser. BUT. Only on windows.

1 Answers

With WPF, it's easier for someone to steal your GUI. In general, though, it may result in better security because WPF controls do not get windows messaging by default. They use hit testing for dispatching events using routed commands. As far as windows is concerned, it's a game running in that space, not a windows app.

like image 155
Nate Zaugg Avatar answered Oct 14 '22 09:10

Nate Zaugg
Sign in to Comment

Related questions

The server response was: 5.7.1 Unable to relay/Mailer Daemon
IsMouseOver returns false over some elements in a DockPanel
Can't set PageLoad of ChromeDriver instance
Use OutputCache and GetVaryByCustomString to cache same content for multiple paths
Cursor position is not changed for up and down key in Avalon text editor
dotnet build not compiling .NET Framework 4.6.1 Application
.Net Core Host process High CPU usage in Windows 2016 IIS in Asp.Net Core 2.2 Application
Difference between Nuget & SDK dependencies in .Net Core project
Looking for a .NET "text" editor control
.Net MTP / PTP Wrapper?
Get common desktop path in .NET
Asp.Net MVC - Plugins Directory, Community etc?
How do I map from Oracle UDTs with ODP.NET without using OracleObjectMappingAttribute?
Any alternatives to the .Net 4 Code Contracts static analyser?
Using LockFileEX in C#
System.ComponentModel namespace usage
Best way to handle multiple config file instances?
Test for "My Documents" folder redirection
Single sign on cookie removed by anti spyware software
When do you dispose GDI+ resources?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!