Google
AspAlliance.com Web
AspAlliance
Register
Edit My Profile
Author List
Write for Us
About AspAlliance
Contact Us
Privacy Policy
Link To Us
Advertise

Subscribe
Free Newsletter
Newsletter Archive
RSS Syndication

.NET Tutorials
Learn .NET
Learn WCF
Learn WPF
Learn ASP.NET
Learn AJAX
Learn Silverlight
Learn Visual Studio
Learn ADO.NET
Learn LINQ
Learn C# (CSharp)
Learn VB.NET
Learn Web Services
Learn Controls
Learn BizTalk
Learn SharePoint
Learn Mobile
Learn SQL
Learn SQL Reporting
Learn Windows Forms
Learn XML
Learn Crystal Reports
Learn FarPoint
Learn DevExpress
Examples
ASP.NET 2.0 Examples

ASP Tutorials
Learn ASP
Learn VBScript
Learn JScript
Learn SQL
Learn XML

Software Resources
Shopping Cart Ecommerce
Charts and Dashboards

Other Resources
Learn Java
Learn Oracle
Opinion / Editorial
Crystal Reports Alliance
WPF Resources
AJAX Resources
Silverlight Resources

Free Tools
Cache Manager
SimpleCMS

Reviews
Book Reviews
Product Reviews
Expert Advice

Books
ASP.NET Developer's Cookbook
Sample Chapters
Book Reviews

Community
Regular Expressions

Print This Article Print  Add To Favorites Add To Favorites    Email This Article To A Friend Email To Friend  Rate This Article Rate This Article   
Cross domain access policy in Silverlight applications
page 3 of 6
by Sergey Zwezdin
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 36836/ 47
Threats which are possible at Rich Internet Applications

We have already looked at how to construct a simple access with a server. However, the use of such approaches cannot always be safe. Let us consider some scenarios.

Let us assume you have a bank account and you can work with this account through the Internet in a browser. To work with the bank web-application you authenticate on a bank web-site and a server places record about it in your cookie. Actually, this record in cookie distinguishes you from other a non-authenticated user. Now let us assume that there is a violator who wishes to get access to your bank account. The violator can create Silverlight application which works in your browser. Feature of such applications is that at the accessing to a server they can also use earlier set cookie for this web-site. All the violator needs is to force you to start this application. This application can be hidden in a naive joke displaying a funny card. But actually this application will access to the bank web-application, using your data, to transfer money for another account. It is possible to present this situation in a following scheme.

Figure 2: Multiple access to a server

Let us consider another dangerous scenario.

Let us assume that web-service is located on a server, which carries out labour-consuming operations. For example, for each operation the essential quantity of processor time or any other expensive resources is required. In this case a violator can place the application on the server to generate some accesses to this operation simultaneously. Then he can make a great number of people enter the site and thus arrange massed DoS attack on the application. Such attacks are especially dangerous, because such accesses occur from different computers. Therefore it is impossible just to block a range of IP-addresses for attack prevention.
View Entire Article

User Comments

Title: oyun forum   
Name: oyun forum
Date: 2010-05-09 5:10:06 AM
Comment:
Thanks man






Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2024 ASPAlliance.com  |  Page Processed at 2024-04-24 10:37:57 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search