This project has moved and is read-only. For the latest updates, please go here.

How to sandbox the MEF plug-ins ?

Apr 18, 2011 at 8:35 AM


My question applies to MEF and more generally to plugins.

In silverlight apps, MEF makes it very easy to write a host app that can accept some plugins registered dynamically.

This is all great, but how do you handle malicious plugins ?

For example, imagine that someone writes a plugin that listens to the key strokes entered by the user and manages to get password of users sent to its own server !

Is there any guidance on that ?

Apr 18, 2011 at 11:12 AM
Edited Apr 18, 2011 at 11:39 AM

1) Wouldn't the injection of a malicious plugin into a XAP require that the attacker already has full access to your web server? In that case the attacker has full control over your silverlight application whether you use MEF or not.

2) I don't think it is possible to create a key logger in silverlight. Silverlight applications run in a sand-boxed environment and can only capture key strokes which are entered inside the Silverlight application.

3) The best you can do to protect yourself against a compromised web-server or sophisticated man-in-the-middle attacks is to sign your XAP. But even then your users need to be savvy enough to notice that something is wrong when the attacker replaces your signed application by an unsigned one.