Cross domain access policy in Silverlight applications
page 3 of 6
by Sergey Zwezdin
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 47554/ 104

Threats which are possible at Rich Internet Applications

We have already looked at how to construct a simple access with a server. However, the use of such approaches cannot always be safe. Let us consider some scenarios.

Let us assume you have a bank account and you can work with this account through the Internet in a browser. To work with the bank web-application you authenticate on a bank web-site and a server places record about it in your cookie. Actually, this record in cookie distinguishes you from other a non-authenticated user. Now let us assume that there is a violator who wishes to get access to your bank account. The violator can create Silverlight application which works in your browser. Feature of such applications is that at the accessing to a server they can also use earlier set cookie for this web-site. All the violator needs is to force you to start this application. This application can be hidden in a naive joke displaying a funny card. But actually this application will access to the bank web-application, using your data, to transfer money for another account. It is possible to present this situation in a following scheme.

Figure 2: Multiple access to a server

Let us consider another dangerous scenario.

Let us assume that web-service is located on a server, which carries out labour-consuming operations. For example, for each operation the essential quantity of processor time or any other expensive resources is required. In this case a violator can place the application on the server to generate some accesses to this operation simultaneously. Then he can make a great number of people enter the site and thus arrange massed DoS attack on the application. Such attacks are especially dangerous, because such accesses occur from different computers. Therefore it is impossible just to block a range of IP-addresses for attack prevention.


View Entire Article

User Comments

Title: oyun forum   
Name: oyun forum
Date: 2010-05-09 5:10:06 AM
Comment:
Thanks man






Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2019 ASPAlliance.com  |  Page Processed at 2019-09-18 7:40:13 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search