Isolated Storage misunderstanding

This is a discussion between me and me to understand an Isolated Storage issue. Can you help me to convince me about Isolated Storage?

This is code written for a Windows Forms application (reader) that reads the isolated storage of another Windows Forms application (writer) which is signed. Where is the security if the reader can read the writer's file? I thought only signed code can access the file!

If all .NET applications are born equal and have all permissions to access Isolated Storage, where is the security then? If I can install and run an EXE file from Isolated Storage, why don't I install a virus and run it? I am trusted to access this area. But the virus or whatever will not be trusted to access the rest of the file system; it can only access the memory, and this is dangerous enough.

I cannot see any difference between using the application data folder to save the state and using Isolated Storage except a long nasty path!!

I want to try giving low trust to the reader code and retest, but they said "Isolated storage is actually created for giving low trusted application the right to save its state".

Reader code:

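// Requires: using System.IO;
private void button1_Click(object sender, EventArgs e)
{
    // Absolute on-disk path of the writer's machine-scoped isolated storage file.
    String path = @"C:\Documents and Settings\All Users\Application Data\IsolatedStorage\efv5cmbz.ewt\2ehuny0c.qvv\StrongName.5v3airc2lkv0onfrhsm2h3uiio35oarw\AssemFiles\toto12\ABC.txt";
    // Plain file I/O: no isolated storage API is involved on the reader side.
    using (StreamReader reader = new StreamReader(path))
    {
        var test = reader.ReadLine();
    }
}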

Writer:

// Requires: using System.IO; using System.IO.IsolatedStorage;
private void button1_Click(object sender, EventArgs e)
{
    // Machine-wide store scoped to this assembly's identity (its strong name).
    IsolatedStorageFile isolatedFile = IsolatedStorageFile.GetMachineStoreForAssembly();
    isolatedFile.CreateDirectory("toto12");

    // The using blocks flush and close the stream and the writer.
    using (IsolatedStorageFileStream isolatedStorage = new IsolatedStorageFileStream(@"toto12\ABC.txt", System.IO.FileMode.Create, isolatedFile))
    using (StreamWriter writer = new StreamWriter(isolatedStorage))
    {
        writer.WriteLine("Ana 2akol we ashrab kai a3eesh wa akbora");
    }
}

asked Mar 13 '10 06:03

Costa



2 Answers

I agree about your "misunderstand" in the title; I think you're misunderstanding the purpose of isolated storage.

As I understand it, the "isolated" does not mean "private storage that other programs can't access". It means a "sandbox" to give your low-trust program a place where it can save data when it might not have permission to write to somewhere else.

answered Oct 24 '22 19:10

Conrad Albrecht


Of course you can reach any (known) location on the hard drive using your reader code, assuming that you have adequate permissions to access that location.

There are no special permissions applied to the IsolatedStorage area, but there are rules that apply to the low trust applications that use IsolatedStorage how it was intended to be used. There is absolutely nothing to prevent you from encrypting what you store there if you want to keep it private.

Edit: check out CLR Inside Out - Isolated Storage In Silverlight 2 and Silverlight out-of-browser apps: Local Data Store.

answered Oct 24 '22 18:10

slugster
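
The encryption that the second answer mentions, as an added example (not code from the question or from either answer): the isolated storage file is wrapped with DPAPI through `ProtectedData`. It assumes a user-scoped store rather than the machine store used in the question, and code trusted enough to call DPAPI; the class name, entropy string and sample text are constructed for illustration.

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography; // ProtectedData (System.Security.dll on .NET Framework)
using System.Text;

static class ProtectedIsolatedStore
{
    // Constructed, app-specific entropy. It is not a secret key: it only keeps a
    // blob protected for one purpose from being unprotected for another.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app/state/v1");

    public static void Save(string relativePath, string text)
    {
        // DPAPI binds the ciphertext to the current Windows account, so a reader
        // that opens the file by its on-disk path under a different account
        // gets only an opaque blob.
        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(text), Entropy, DataProtectionScope.CurrentUser);

        using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForAssembly())
        using (var stream = new IsolatedStorageFileStream(relativePath, FileMode.Create, store))
        {
            stream.Write(blob, 0, blob.Length);
        }
    }

    public static string Load(string relativePath)
    {
        using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForAssembly())
        using (var stream = new IsolatedStorageFileStream(relativePath, FileMode.Open, store))
        using (var buffer = new MemoryStream())
        {
            stream.CopyTo(buffer);
            // Throws CryptographicException if the blob was altered or was
            // protected under a different account or entropy.
            byte[] plain = ProtectedData.Unprotect(
                buffer.ToArray(), Entropy, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(plain);
        }
    }

    static void Main()
    {
        Save("ABC.txt", "application state");   // constructed sample value
        Console.WriteLine(Load("ABC.txt"));
    }
}
```

Another program running under the same Windows account can still call `Unprotect`, so this narrows readers to that account rather than to the one application. With `DataProtectionScope.LocalMachine`, any process on the machine could decrypt the blob.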