Allowed Usage and Security Risks

The allowed usage specified by the IsolatedStorageFilePermission determines the degree to which code will be allowed to create and use isolated storage. The following table shows how the allowed usage specified in the permission corresponds to types of isolation and summarizes the security risks associated with each allowed usage.

| Allowed usage | Isolation types | Security impact |
|---|---|---|
| None | No isolated storage use is allowed. | There is no security impact. |
| DomainIsolationByUser | Isolation by user, domain, and assembly. Each assembly has a separate substore within the domain. Stores using this permission are also implicitly isolated by computer. | This permission level leaves storage resources open to unauthorized overuse (a denial of service attack), although enforced quotas make such an attack more difficult. |
| DomainIsolationByRoamingUser | Same as DomainIsolationByUser, but the store is saved to a location that will roam if roaming user profiles are enabled, and quotas are not enforced. | Because quotas must be disabled, storage resources are more vulnerable to a denial of service attack. |
| AssemblyIsolationByUser | Isolation by user and assembly. Stores using this permission are also implicitly isolated by computer. | Quotas are enforced at this level to help prevent a denial of service attack. The same assembly running in another domain can access this store, so information could be leaked between applications. |
| AssemblyIsolationByRoamingUser | Same as AssemblyIsolationByUser, but the store is saved to a location that will roam if roaming user profiles are enabled, and quotas are not enforced. | Same as AssemblyIsolationByUser, but without quotas the risk of a denial of service attack increases. |
| AdministerIsolatedStorageByUser | Isolation by user. Typically, only administrative or debugging tools use this level of permission. | Code with this permission can view or delete any of a user's isolated storage files or directories, regardless of assembly isolation. Risks include, but are not limited to, information leakage and data loss. |
| UnrestrictedIsolatedStorage | Isolation by all users, domains, and assemblies. Typically, only administrative or debugging tools use this level of permission. | This permission creates the potential for a total compromise of all isolated stores for all users. |
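As an added example (not code from the original page or from the .NET documentation), the following C# program shows the usage levels in the table at work on .NET Framework, where code access security stack walks are enforced: it grants the call stack only DomainIsolationByUser with a quota, then tries to open stores of three scopes. The file name, sample payload and quota are constructed values, and the outcome comments state what the permission model implies for each scope.

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Security;
using System.Security.Permissions;

class AllowedUsageDemo
{
    // Opens a store of the given scope and writes a constructed sample file.
    // Returns false when the isolated storage permission demand is refused.
    static bool TryOpenStore(IsolatedStorageScope scope)
    {
        try
        {
            using (var store = IsolatedStorageFile.GetStore(scope, null, null))
            using (var writer = new StreamWriter(store.CreateFile("demo.txt")))
            {
                writer.WriteLine("constructed sample payload");
            }
            return true;
        }
        catch (SecurityException) { return false; }        // demand refused
        catch (IsolatedStorageException) { return false; } // store unavailable
    }

    static void Main()
    {
        // Grant only DomainIsolationByUser with a 1 MiB quota (constructed value);
        // the quota bounds the denial of service risk described in the table.
        var perm = new IsolatedStorageFilePermission(PermissionState.None)
        {
            UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser,
            UserQuota = 1024 * 1024
        };
        perm.PermitOnly(); // narrows every demand that walks through this frame
        try
        {
            var byDomain = IsolatedStorageScope.User | IsolatedStorageScope.Domain | IsolatedStorageScope.Assembly;
            var byAssembly = IsolatedStorageScope.User | IsolatedStorageScope.Assembly;
            // Allowed: exactly the scope DomainIsolationByUser permits.
            Console.WriteLine("user+domain+assembly: " + TryOpenStore(byDomain));
            // Refused: an assembly-only store is reachable from other domains (the
            // cross-application leak the table lists under AssemblyIsolationByUser).
            Console.WriteLine("user+assembly: " + TryOpenStore(byAssembly));
            // Refused: roaming stores have no quota and need a roaming usage level.
            Console.WriteLine("roaming: " + TryOpenStore(byDomain | IsolatedStorageScope.Roaming));
        }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }
}
```

On .NET Core and later, code access security is not enforced, so PermitOnly does not restrict anything there; the example is meaningful only on .NET Framework.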

See Also

Concepts

Securing Isolated Storage

Isolation by User and Assembly

Isolation by User, Domain, and Assembly