A simple question, but google has no answer on that!
I'm hitting a wall today, because the PasswordBox in Silverlight is Sealed. I have no idea why they do that. Is somebody have an idea on that?
Asked
Active
Viewed 580 times
4
Cyril Gandon
- 16,830
- 14
- 78
- 122
-
1What would you need to subclass it for? – Gabe Sep 19 '11 at 13:00
-
3Rather than worry about why PasswordBox is sealed, can you explain what you are actually trying to accomplish as that is the real problem you need to solve? :) – iCollect.it Ltd Sep 19 '11 at 13:03
-
I succeed by using composition instead of inheritance, but I think this is still a valid question. – Cyril Gandon Sep 20 '11 at 11:11
2 Answers
8
Because if you can subclass it, you can introduce vulnerabilities into it.
Some vulnerabilities that might be introduced:
- Accessing
protectedmembers. - Creating special accessors to
protectedmembers. - 3rd Party Injection - someone else subclasses your class to get at the password.
Daniel A. White
- 187,200
- 47
- 362
- 445
-
1
-
1I don't understand. The only protected members are the ones invoked before events like `OnMouseMove`. There's certainly no harm in accessing or exposing those. Since `Password` is already public, how is there harm in allowing subclasses? – Gabe Sep 19 '11 at 13:40
-
1Like the others, I don't fully understand the arguments. Can you provide an example? – Cyril Gandon Sep 20 '11 at 07:31
5
PasswordBox isn't just sealed in Silverlight, but also WPF. According to the Silverlight team it is sealed because of security concerns, but they don't mention what those concerns are.
I don't see how any of the vulnerabilities mentioned here are valid since as a developer you have full access to the typed in Password which you can do whatever you want with.
