Isolated storage is the final aspect of .NET runtime security we discuss. Isolated storage is a data storage mechanism that allows managed code to store user and application-specific data to disk. The use of isolated storage simplifies programming and minimizes the security risks associated with allowing code to store data to a computer’s hard drive. In this chapter, we describe what isolated storage is and explain where it provides benefits over existing data storage options. We demonstrate how to use isolated storage in your own programs, as well as how to administer and control access to it.
Many applications need to write data to a persistent store so that it’s available each time the application runs. Data, such as user preferences and application state, is generally user-specific and needs to be stored in such a way that other users, and possibly other applications, cannot access and modify it. On the Windows platform, there has been no standard method of doing this, and therefore different applications have taken different approaches. These include using the Windows registry, configuration files (such as .ini files), or databases.
Windows features such as role-based security, ACL-based file
permissions, user profiles, and the registry’s
HKEY_CURRENT_USER hive make it relatively easy for code to store data that other users cannot access. However, it is not so easy to ensure that applications run by the same user cannot ...