Home > Articles > Programming > ASP .NET

Isolated Storage

  • Print
  • + Share This
Like this article? We recommend

Security Considerations

Every type of data storage has some inherent security risks, and isolated storage is no exception. As I stated previously, isolated storage is secured from less-trusted applications, but trusted computer users, administrators, and trusted code have full access to the file system in which isolated storage files are kept.

The isolated storage system includes a per-user quota on the amount of data that can be persisted to isolated storage. This quota helps to avoid a denial-of-service attack in which a user attempts to fill the hard drive with application settings or other information saved in isolated storage. Although the quota is a big help, it cannot fully prevent such an attack because applications can bypass permission quotas by presenting different user identities. Quotas provide a guideline for how code should behave, rather than placing a hard limit on the amount of data that can be stored. Finally, quotas are not enforced on roaming profiles.

Both of these considerations would apply to any kind of persistent storage. Given the other benefits, isolated storage is the best option for persisting application-specific user settings in .NET programs.

  • + Share This
  • 🔖 Save To Your Account