Wherein lies the danger of obtaining file times in Silverlight?

Question

Before uploading a file I need to salt the name with some additional information to increase the chance of the filename being unique (stateless-ly). Invoking FileInfo.LastWriteTime-get throws a SecurityException saying the process needs elevated priviledges.

I can see to some extent that there exists certain historical information about the user in such data, but also considering how easy it is to manipulate anyway, but why? Is there some other way to obtain similar information withouth requiring admin-hosted OOBs?

Answer 1

If there where a way to obtain this information without elevated privileges then it would be a vulnerability in Silverlight. It is common to see these RIA platforms to restrict this activity, Flex has similar restrictions.

If you just need a unique file name then you can use a timestamp+filename. or md5(timestamp+random_value)+filename.

Answer 2

No. Why? Because the approach to security in Silverlight is to keep the attack surface as small as possible. All that is really being granted by gaining a FileInfo is the file content. Why an application should even be privy to the name that content had when in the user's file system could be debated.

If you just need to make the name unique just use a Guid:-

 string fileTitle += Guid.NewGuid().ToString("D");