http://blogs.msdn.com/silverlight_sdk/archive/2008/11/11/wcf-http-and-security-topics-for-silverlight.aspxOur team has been watching the forums and there are a lot of questions regarding using Silverlight with WCF and data services, HTTP questions and security questions. We created some new topics and updated existing topics to better cover these areas foren-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/silverlight_sdk/archive/2008/11/11/wcf-http-and-security-topics-for-silverlight.aspx#9060987Wed, 12 Nov 2008 02:47:17 GMT91d46819-8472-40ad-a661-2c78acb4018c:9060987WCF, HTTP and Security topics for Silverlight | Tmao Coders<p>PingBack from <a rel="nofollow" target="_new" href="http://www.tmao.info/wcf-http-and-security-topics-for-silverlight/">http://www.tmao.info/wcf-http-and-security-topics-for-silverlight/</a></p> http://blogs.msdn.com/silverlight_sdk/archive/2008/11/11/wcf-http-and-security-topics-for-silverlight.aspx#9065491Thu, 13 Nov 2008 09:14:28 GMT91d46819-8472-40ad-a661-2c78acb4018c:9065491WebLog of Ken Cox<p>Many of us have been struggling to create business-oriented (LOB) forms using Silverlight 2 and ADO.NET</p> http://blogs.msdn.com/silverlight_sdk/archive/2008/11/11/wcf-http-and-security-topics-for-silverlight.aspx#9066017Thu, 13 Nov 2008 15:14:44 GMT91d46819-8472-40ad-a661-2c78acb4018c:9066017Community Blogs<p>In this issue: Silverlight Girl, Mehdi Slaoui Andaloussi, David Anson, Cheryl, Justin Angel, Kathy Kam</p> http://blogs.msdn.com/silverlight_sdk/archive/2008/11/11/wcf-http-and-security-topics-for-silverlight.aspx#9066470Thu, 13 Nov 2008 18:37:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:9066470KellenF<p>Thanks for the post Cheryl, I've posted several times on the silverlight.net forums about some of these security restrictions and I still have some concerns that I don't feel have been addressed.</p> <p>I understand the absolute necessity for a secure platform, and I don't feel that mistakes of the past can be used as an excuse for future applications, that said the socket restrictions in place don't seem to make sense to me. &nbsp;I would be perfectly happy with a confirmation box per connection, like the expand storage confirmation (requiring a user initiated event to show the box), to open up a socket. &nbsp;This would make a DoS application infeasible. &nbsp;Essentially I would like to be able to write the equivalent of an FTP client, that lives in a Silverlight application.</p> <p>If I am missing a major security hole please enlighten me, I think allowing this to happen would open up a world of application replacements, allowing clients to existing services to be developed in Silverlight. &nbsp;As it is right now I have had to write a server side component that martials sockets to their destination, which limits performance and security.</p> <p>-Kellen</p> http://blogs.msdn.com/silverlight_sdk/archive/2008/11/11/wcf-http-and-security-topics-for-silverlight.aspx#9164821Tue, 02 Dec 2008 18:09:58 GMT91d46819-8472-40ad-a661-2c78acb4018c:9164821cherylws<p>Kellen,</p> <p>Thanks for your comment. I checked with the team responsible for the sockets implementation and there are valid security reasons for the restrictions you mention. They cannot allow users to make security decisions through prompting because they are concerned about risks to the network, not just the individual client. </p> <p>Cheryl</p>