But at least you wouldn't have "viewing a document can execute arbitary code" type problems. Cross-site scripting, for instance, would still remain an issue. Finally, there are other security holes that can be targeted, but usually they will be less severe than you'd find with an unmanaged application. But that also means you'd have to have your plugins written and executed in a similar way (Flash?). So, yes, a fully safe, managed browser itself wouldn't fall prey to those specific exploits. However, these are relatively rare issues, and the surface area is far less than it'd be otherwise. NET?) security holes where a maliciously formed assembly could force the actual CLR to execute arbitrary code. While the CLR generated code (i.e., the JIT'd of your application) will be safe, the loader and verifier themselves are usually written in a lower language. The security holes you would see in a managed browser would be if it let arbitrary code be loaded, using the CLR as a safe environment. It's just rather cumbersome and unlikely to be used in a real application.) It is has a runtime which is subset of CLR (Common Language Runtime). It provides the ease of deployment and updates with responsiveness close to the desktop applications. It bridges the gaps between desktop and web applications. (As a side note, C# can still perform unsafe actions and set itself up to execute arbitrary code. Silverlight is Microsofts solution to build RIA(Rich Internet Applications). Safe systems verify the code to be free from those effects. NET or Java) don't allow the application to violate those constraints.īuffer overflows and many other remote-code exploits occur because the constraints in those languages and runtimes provide no checking and cannot guarantee the program won't do something like execute arbitrary code in memory. Applications with a safe type system (not just.
0 Comments
Leave a Reply. |