Where are the guides to Security Best Practices in Silverlight?



When I first started writing web applications for .NET, I found a great article on security which told me how to create forms authentication and protect myself from SQL injection attacks by using stored procedures and parameters.

Today, with Silverlight, we have some additional challenges. The Silverlight code is now on the client's machine. How do we protect access to webforms, passwords, or protect our database control string and stop users from reading or stealing our client code?

Most examples out there today are designed as sales pitches; everything is so easy when error handling and security are completely ignored.

I would love to write an article for you that gave you step-by-step best practices, but like many of you I am still at the start of this exciting journey, so this is a plea to those who are designing these technologies and evangelising their use.


We need examples that can be used by small development teams (1 to 5 people) who are being told by their management (who have just watched or been to one of the flashy launch events), "Do me a website like MGM Stargate or NBC Sports or Continental Airlines that will handle customer orders in a way that will blow Amazon away."

Resources which I had in 2002 when I started with .NET were:

Defend Your Code with Top Ten Security Tips Every Developer Must Know by Michael Howard and Keith Brown

http://msdn.microsoft.com/en-us/library/aa302370.aspx by Timothy Bollefer, Girish Chander, Jesper Johansson, Mike Kass, and Erik Olsen.


A more recent whitepaper for Silverlight 2 security is available here, but it is by no means a step-by-step guide to all of the things you need to do to make your applications secure.

So come on Scott Hanselman, Tim Heuer, Phil Haack, Scott Guthrie, Beth Massi, the Silverlight Developer Team, the Visual Basic Developer Team: you have been challenged to provide step-by-step articles and videos or point us to appropriate references. The articles should be based around Silverlight 3 and technologies which are current today. And, of course, be available in both VB and C#.

