Many applications need to store
state or user preferences so that they are available the next time
the application runs. Windows applications usually store this type of
data in configuration files, the Windows registry, or external

For regularly used applications that are trusted, you will configure
CAS security policy to give the application access to the required
resource so that it can store this data successfully. However,
because your hard disk, registry, and databases contain important
information, it is unlikely that you will want to configure CAS to
allow unknown and untrusted code to access them. Nor do you want to
have to reconfigure security policy every time you install a new
application or download mobile code from the Internet.

Isolated storage provides a safe storage area on the hard disk where
managed code can store noncritical data. The .NET runtime manages
isolated storage to ensure that code cannot access other
code's data and to limit the space used by each
application. Most importantly, because the interfaces and CAS
permissions that control access to isolated storage are different
from those of normal file I/O, the risk of malicious code using
isolated storage as a gateway through which to access other data on
the hard drive is minimized. Figure 5-4 illustrates
two managed applications that store data to the hard drive.

Figure 5-4. Isolated storage

The developer of an application must decide to use isolated storage;
it is not something you can force any application to use.

In Figure 5-4, Application A accesses its data
through the .NET Framework's isolated storage
mechanism, while Application B accesses the hard disk directly. We
provide a detailed discussion of isolated storage in Chapter 11.
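
The following C# sketch shows the pattern Application A follows: it saves and reloads a preference through the runtime's isolated storage classes instead of opening a path on the hard disk. It is an added example, not code from the original text; the class name, file name, and preference value are constructed for illustration.

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;

// Added example: PreferenceStore, prefs.txt and the sample value are hypothetical.
static class PreferenceStore
{
    const string FileName = "prefs.txt"; // relative to the store root, not a disk path

    // Ask the runtime for the store scoped to the current user and this
    // assembly. The code never chooses a location on disk, and the CAS
    // permission checked is IsolatedStorageFilePermission rather than the
    // FileIOPermission that direct file access (Application B) requires.
    public static void Save(string value)
    {
        using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForAssembly())
        using (var stream = new IsolatedStorageFileStream(
                   FileName, FileMode.Create, FileAccess.Write, store))
        using (var writer = new StreamWriter(stream))
        {
            writer.Write(value);
        }
    }

    // Returns the stored preference, or the fallback if nothing was saved yet.
    public static string Load(string fallback)
    {
        using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForAssembly())
        {
            if (store.GetFileNames(FileName).Length == 0)
                return fallback;

            using (var stream = new IsolatedStorageFileStream(
                       FileName, FileMode.Open, FileAccess.Read, store))
            using (var reader = new StreamReader(stream))
            {
                return reader.ReadToEnd();
            }
        }
    }

    static void Main()
    {
        try
        {
            Save("theme=dark");
            Console.WriteLine(Load("theme=default"));
        }
        catch (IsolatedStorageException ex)
        {
            // Raised when the runtime refuses the operation, for example
            // because the space allotted to this store is used up.
            Console.WriteLine("Isolated storage unavailable: " + ex.Message);
        }
    }
}
```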