A while ago, I went to a Silverlight session. For those who don’t know, Silverlight is a new product from Microsoft. You can compare it with Flash; the difference is that the new version lets you write your code in dotnet 🙂
As they explained it, they told us the Silverlight runtime actually downloads the managed dll (assembly) and runs it. My first impression, which I also tried to explain, was that in a corporate environment, many firewalls will block exe, dll, … files. So how were they going to solve this? I got the feeling nobody actually found this important. Am I the only one who finds it strange that my browser will try to download and run dll files? If I were Microsoft I would at least rename the extension to sli or something. Maybe you can do this yourself; I haven’t looked at the software in detail.
Microsoft is driven by marketing, to give features to their users. For them, those security issues are not important.
Microsoft doesn’t understand best practices and certainly not security. They keep proving it.
Silverlight applications are compressed in zip archives before being sent to the client. (Might not be the case with the version you tested).
Even though the files have the extension DLL, they cannot be compared with the classic DLL files as we know them from the Windows operating system. They are in fact .NET Assemblies containing various data modules, including the classes that make up the application.
.NET Silverlight applications run inside a limited runtime with limited access to your system, just as .NET applications you run directly from the browser (although that never really got any attention) or applications deployed through ClickOnce.
The security system (previously Code Access Security, but that has changed with .NET 3.5) has been designed from the ground up to make sure the user and his or her system are safe. There’s a bit more to it than “simply downloading dll” files 🙂
Your browser will not “run” dll files, it will pass them on to the embedded .NET runtime which will “load” them and execute specific parts of the code as long as that code does not violate any of the safety rules.
I should also mention Silverlight is much more than a flash replacement.
It does everything Flash does and more… AND… it’s more “open” than flash.
– You don’t need to learn ActionScript
– You don’t need Microsoft’s software to develop Silverlight applications
– XAML is a well defined open standard
– etc….
I can’t explain everything in detail here, but feel free to contact me if you have any questions.
“Microsoft is driven by marketing, to give features to their users. For them, those security issues are not important.”
If you compare security provided by flash and java and compare it to the .NET runtime (including the embedded runtime provided by Silverlight) you’ll notice they paid a lot of attention to security.
Google: Isolated Storage
Assuming they discard security because they let you download files which have a dll extension… oh well… people hate stuff because it’s Microsoft related and because it’s cool to hate Microsoft… too bad…
TimothyP, I know dotnet has a good security design (I even think vista has a good overall design, don’t know too much about the security architecture yet). My point is that their idea was good (most of the time it is) but their implementation always has some issues, it seems 🙂
And yes I know designing the architecture and implementing it are 2 very different things, but I find it hard to believe nobody said anything
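An added example, not part of the original post or comments and not Microsoft's code: it ties together the two points raised in this thread, that packages arrive as zip archives and that the DLLs inside are .NET assemblies, by classifying archive entries from their PE headers instead of their file extension. The function names and the sample package are constructed for illustration; `Renamed.sli` uses the extension suggested in the post to show that renaming does not change what a content-inspecting filter sees.

```python
import io
import struct
import zipfile

CLR_DIR = 14  # data-directory slot of the CLI (.NET) header in a PE file

def classify(data: bytes) -> str:
    """Return 'managed-pe', 'native-pe' or 'other', judged by content only."""
    try:
        if data[:2] != b"MZ":
            return "other"
        pe = struct.unpack_from("<I", data, 0x3C)[0]   # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            return "other"
        opt = pe + 24          # optional header follows signature + COFF header
        magic = struct.unpack_from("<H", data, opt)[0]
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]    # PE32 / PE32+
        count = struct.unpack_from("<I", data, dirs - 4)[0]
        rva, size = struct.unpack_from("<II", data, dirs + 8 * CLR_DIR) if count > CLR_DIR else (0, 0)
    except (struct.error, KeyError):
        return "other"         # truncated or unparseable header
    return "managed-pe" if rva and size else "native-pe"

def scan_archive(blob: bytes) -> dict:
    """Map each entry of a zip (e.g. a .xap package) to its content class."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        for name in z.namelist():
            with z.open(name) as f:
                result[name] = classify(f.read(4096))  # headers only, bounded read
    return result

def sample_xap() -> bytes:
    """Constructed demo package: header-only PE stubs, not loadable images."""
    def stub(managed):
        buf = bytearray(0x40 + 24 + 96 + 16 * 8)
        buf[:2], buf[0x40:0x44] = b"MZ", b"PE\0\0"
        struct.pack_into("<I", buf, 0x3C, 0x40)        # e_lfanew
        struct.pack_into("<H", buf, 0x58, 0x10B)       # PE32 magic
        struct.pack_into("<I", buf, 0x58 + 92, 16)     # NumberOfRvaAndSizes
        if managed:
            struct.pack_into("<II", buf, 0x58 + 96 + 8 * CLR_DIR, 0x2008, 0x48)
        return bytes(buf)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("AppManifest.xaml", "<Deployment/>")
        z.writestr("App.dll", stub(True))
        z.writestr("Renamed.sli", stub(True))
        z.writestr("native.bin", stub(False))
    return out.getvalue()
```

Calling `scan_archive(sample_xap())` reports both `App.dll` and `Renamed.sli` as managed assemblies, which is why a gateway policy keyed on extensions alone neither blocks nor permits this content reliably.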