locked
File from Isolated Storage appears on user's desktop. Why? RRS feed

  • Question

  • Hi there

    In my OUB application some data are saved in Isolated Storage file. This file appears on user's desktop automatically which I consider a security problem. How to prevent this appearance?

    Thanks.

    Thursday, November 26, 2015 2:58 PM

Answers

  • Thanks for Andy's and Juzer1's reply.

    Hi Renziglov,

    As far as I know, if we want to implement Isolated Storage in Silverlight application, we often use the IsolatedStorageFile class as below code shows. Please try modify your code with IsolatedStorageFile class.

                IsolatedStorageFile isoStore = IsolatedStorageFile.GetStore(IsolatedStorageScope.User | IsolatedStorageScope.Assembly, null, null);
    
                if (isoStore.FileExists("TestStore.txt"))
                {
                    Console.WriteLine("The file already exists!");
                    using (IsolatedStorageFileStream isoStream = new IsolatedStorageFileStream("TestStore.txt", FileMode.Open, isoStore))
                    {
                        using (StreamReader reader = new StreamReader(isoStream))
                        {
                            Console.WriteLine("Reading contents:");
                            Console.WriteLine(reader.ReadToEnd());
                        }
                    }
                }
                else
                {
                    using (IsolatedStorageFileStream isoStream = new IsolatedStorageFileStream("TestStore.txt", FileMode.CreateNew, isoStore))
                    {
                        using (StreamWriter writer = new StreamWriter(isoStream))
                        {
                            writer.WriteLine("Hello Isolated Storage");
                            Console.WriteLine("You have written to the file.");
                        }
                    }
                }   

    In my opinion, the first parameter of FileStream is the file path. If the path not assign the location (just as a file name with extension as your code shows), it will be save in the path of your application. If your application is installed on Desktop, the file will also be saved on Desktop.

    Best Regards,
    Weiwei

    • Marked as answer by Renziglov Friday, November 27, 2015 8:16 PM
    Friday, November 27, 2015 8:08 AM
    Moderator

All replies

  • What do you mean OUB?

    If it's out of browser then you can write to any of the user's folders in appdata instead of isolated storage.

    By default, isolated storage is in the user's appdata, the user will be able to get at them. They are hidden files though.

    https://msdn.microsoft.com/en-us/library/3ak841sy(v=vs.95).aspx

    Other users probably won't be able to, but that rather depends on their authority.

    You can encrypt:

    https://msdn.microsoft.com/en-us/library/dd153755%28v=vs.95%29.ASPX?f=255&MSPPError=-2147217396


    Hope that helps.

    Technet articles: WPF: MVVM Step 1; All my Technet Articles

    Thursday, November 26, 2015 4:22 PM
    Moderator
  • Hi there

    Yes, it is out-of-browser. I understand it can be encrypted, but the fact that it is on the desktop, visible, feasible and can be easily erased poses a huge security problem.

    As per "any of the user's folders": I do not know the structure of user's file storage beforehand. Hence, it must be configured on the user's side. Once configured, where to save it? Easy answer: in my config file. File that keeps its location as its own data - I do not dare to solve this puzzle. One need to read the file first to know where to read it from. Huge brain teaser.

    My question is simple: why the code below

    using (FileStream file = new FileStream("cookie.dat", FileMode.Create, System.IO.FileAccess.Write))
    {
        byte[] bytes = new byte[ms.Length];
        ms.Read(bytes, 0, (int)ms.Length);
        file.Write(bytes, 0, bytes.Length);
        file.Close();
    }

    leaves the "cookie.dat" on user's desktop?

    BTW, it is not so at the dubugging time when I run application on my computer. It happens only after the app has been uploaded to a client.

    Thoughts?

    Thursday, November 26, 2015 9:22 PM
  • It happens only after the app has been uploaded to a client.

    If publish this application on your local computer and install it on local, will it happen? You also can try run this application in Release mode to check whether still has this problem.

    Could you please tell us how do you publish and upload your application to a client? May be there something wrong when you publish it.

    Friday, November 27, 2015 7:47 AM
  • Thanks for Andy's and Juzer1's reply.

    Hi Renziglov,

    As far as I know, if we want to implement Isolated Storage in Silverlight application, we often use the IsolatedStorageFile class as below code shows. Please try modify your code with IsolatedStorageFile class.

                IsolatedStorageFile isoStore = IsolatedStorageFile.GetStore(IsolatedStorageScope.User | IsolatedStorageScope.Assembly, null, null);
    
                if (isoStore.FileExists("TestStore.txt"))
                {
                    Console.WriteLine("The file already exists!");
                    using (IsolatedStorageFileStream isoStream = new IsolatedStorageFileStream("TestStore.txt", FileMode.Open, isoStore))
                    {
                        using (StreamReader reader = new StreamReader(isoStream))
                        {
                            Console.WriteLine("Reading contents:");
                            Console.WriteLine(reader.ReadToEnd());
                        }
                    }
                }
                else
                {
                    using (IsolatedStorageFileStream isoStream = new IsolatedStorageFileStream("TestStore.txt", FileMode.CreateNew, isoStore))
                    {
                        using (StreamWriter writer = new StreamWriter(isoStream))
                        {
                            writer.WriteLine("Hello Isolated Storage");
                            Console.WriteLine("You have written to the file.");
                        }
                    }
                }   

    In my opinion, the first parameter of FileStream is the file path. If the path not assign the location (just as a file name with extension as your code shows), it will be save in the path of your application. If your application is installed on Desktop, the file will also be saved on Desktop.

    Best Regards,
    Weiwei

    • Marked as answer by Renziglov Friday, November 27, 2015 8:16 PM
    Friday, November 27, 2015 8:08 AM
    Moderator
  • I agree with WeiWei.

    You're not actually using Isolated storage with your code there.

    The file will be written to "cookie.dat".

    You could go find appdata but just using isolated storage is kind of the obvious way to go unless you have more than 1 meg of data.

    If you are storing large files then appdata is a better idea.

    You can get the path to that using this:

    string appdatapath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);

    Obviously, you have to use that path when you save and read your file.

    Note:

    This will fail on Silverlight running in browser.

    I mention this in case someone else reads this thread.


    Hope that helps.

    Technet articles: WPF: MVVM Step 1; All my Technet Articles

    Friday, November 27, 2015 11:27 AM
    Moderator
  • Ok, as soon as I fall back on IsolatedStorage (not FileStream) everything works Ok. File is no longer on the desktop.

    Thanks.

    Friday, November 27, 2015 8:16 PM