What attacks or security vulnerabilities are specific to WPF applications?
To clarify, I'm not asking how to do SQL Injection on WPF apps, or what kind of crypto should I use, or... I'm also not specifically asking about flaws in the Framework, or in WPF itself, rather flaws that might manifest based on improper implementation.
Very specifically, I'm interested on new attacks, or new vectors, that are particular to a client application implemented in WPF. Not specifically XBAP... ClickOnce related issues would be great too.
WPF Skin Skinning Security Concerns would be a good example, though not particularly relevant to my specific need (yet still a valid answer).
“WPF would be dead in 2022 because Microsoft doesn't need to be promoting non-mobile and non-cloud technology. But WPF might be alive in that sense if it's the best solution for fulfilling specific customer needs today. Therefore, having a hefty desktop application needs to run on Windows 7 PCs with IE 8.
WPF browser-hosted applications execute within a partial trust security sandbox, by default, which is limited to the default CASInternet zone permission set. This effectively isolates WPF browser-hosted applications from the client computer in the same way that you would expect typical Web applications to be isolated.
When it comes to a Windows (only) Desktop client, WPF can still be a viable option. The alternatives mentioned above give us many different options to choose from. There is still a very healthy eco-system around Windows Desktop application development, although web and mobile are going through the roof.
WPF only runs on windows. You can make a type of wpf application called xbap which runs in a browser. BUT. Only on windows.
With WPF, it's easier for someone to steal your GUI. In general, though, it may result in better security because WPF controls do not get windows messaging by default. They use hit testing for dispatching events using routed commands. As far as windows is concerned, it's a game running in that space, not a windows app.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With