A simple question, but google has no answer on th开发者_运维知识库at!
I'm hitting a wall today, because the PasswordBox in Silverlight is Sealed. I have no idea why they do that. Is somebody have an idea on that?Because if you can subclass it, you can introduce vulnerabilities into it.
Some vulnerabilities that might be introduced:
- Accessing
protected
members. - Creating special accessors to
protected
members. - 3rd Party Injection - someone else subclasses your class to get at the password.
PasswordBox isn't just sealed in Silverlight, but also WPF. According to the Silverlight team it is sealed because of security concerns, but they don't mention what those concerns are.
I don't see how any of the vulnerabilities mentioned here are valid since as a developer you have full access to the typed in Password which you can do whatever you want with.
精彩评论