Export (0) Print
Expand All

Allowed Usage and Security Risks

The allowed usage specified by the IsolatedStorageFilePermission determines the degree to which code will be allowed to create and use isolated storage. The following table shows how the allowed usage specified in the permission corresponds to types of isolation and summarizes the security risks associated with each allowed usage.

Allowed usageIsolation typesSecurity impact
NoneNo isolated storage use is allowed.There is no security impact.
DomainIsolationByUserIsolation by user, domain, and assembly. Each assembly has a separate substore within the domain. Stores using this permission are also implicitly isolated by computer.This permission level leaves resources open to unauthorized overuse, although enforced quotas make it more difficult. This is called a denial of service attack.
DomainIsolationByRoamingUserSame as previous, but store is saved to a location that will roam if roaming user profiles are enabled and quotas are not enforced.Because quotas must be disabled, storage resources are more vulnerable to a denial of service attack.
AssemblyIsolationByUserIsolation by user and assembly. Stores using this permission are also implicitly isolated by computer.Quotas are enforced at this level to help prevent a denial of service attack. The same assembly in another domain can access this store, opening the possibility that information could be leaked between applications.
AssemblyIsolationByRoamingUserSame as previous, but store is saved to a location that will roam if roaming user profiles are enabled and quotas are not enforced.Same as previous, but without quotas, the risk of a denial of service attack increases.
AdministerIsolatedStorageByUserIsolation by user. Typically, only administrative or debugging tools use this level of permission.Access with this permission allows code to view or delete any of a user's isolated storage files or directories (regardless of assembly isolation). Risks include, but are not limited to, leaking information and data loss.
UnrestrictedIsolatedStorageIsolation by all users, domains, and assemblies. Typically, only administrative or debugging tools use this level of permission.This permission creates the potential for a total compromise of all isolated stores for all users.

See Also

Securing Isolated Storage | Isolation by User and Assembly | Isolation by User, Domain, and Assembly

Show:
© 2015 Microsoft