NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Allowed Usage and Security Risks

The allowed usage specified by the IsolatedStorageFilePermission determines the degree to which code will be allowed to create and use isolated storage. The following table shows how the allowed usage in the permission maps to types of isolation, and it also summarizes the security risks associated with each allowed usage.

Allowed Usage Isolation Types Security Impact
None No isolated storage use allowed. None.
DomainIsolationByUser User, domain, and assembly. Data is contained by domain. Each assembly has a separate substore within the domain.

Potential denial-of-service.

AssemblyIsolationByUser User and assembly. Potential for leaking information between applications.
UnrestrictedIsolatedStorage All users, domains, and assemblies. Potential for total compromise.
AdministerIsolatedStorageByUser View or delete a user's files or directories. The most powerful allowed usage, which brings the greatest security risk. These risks include, but are not limited to, leaking information and data loss.