Silverlight implements isolated local storage on the client. Currently in the Alpha, the storage is limited to 1MB per web application and is keyed to the full URL of the XAML/HTML page. That means for this alpha release, two pages that are part of the same application served from the same domain will have separate isolated storage. In later beta releases, support will be added to allow configuration of isostorage quotas by users or corporate configuration profiles.
Isolated storage is stored outside the browser cache. This suggests to me that the lifetime of the data in the isostorage is independent of the browser cache settings – isostorage won’t be wiped out when the user clears the browser cache.
Silverlight running in different browsers on the same machine will use the same isostorage area on the machine. If the user fires up your Silverlight web app in Safari on a Mac and your app writes something to isostorage, then if the user later fires up your Silverlight web app in Firefox on the same Mac, your app will find the data it wrote into local storage earlier in the Safari session.
Isolated local storage is not strictly protected on the local machine. It’s stored in the hidden App Data subdirectory in the user private directory. A determined user can drill down into this directory and possibly muck with your app data files. If you’re wanting to write sensitive data to the isolated storage that you want to trust has not been mangled by the user, you should consider encrypting the data.
Silverlight provides an OpenFileDialog functionality. It manages the UI of prompting the user to select file(s) on the local system and providing them to Silverlight code. The UI uses the open file dialog of the native OS, so that Mac users see Mac file open behaviors while Windows folks see Windows File Open dialogs.
The filenames returned by OpenFileDialog are stripped of all path information to minimize accidental disclosure of sensitive info that might be embedded in the file path, such as the user’s login id.
Files selected by the user and returned by OpenFileDialog can only be opened by Silverlight code in read-only mode. This is also for safety reasons. Neither OpenFIleDIalog nor isolated storage ever allow web app code to write to arbitrary locations on the local machine.
This post was originally published on my MSDN blog while I was at Microsoft.