silverlight isolatedstorage security implications

Question

I have a LOB application in SL, one of the aims is to save partially entered data to persist user's state. for example, you start adding a new employee to system, close the browser (or it crashes), next time you open the browser, you have whatever data you had entered before.

the saving and loading is easy, I was wondering if there is already a best practice for securing the data, considering both encryption and decryption happen on the same machine and same code, it looks a bit tricky...

Answer 1

It looks like the best practice is to encrypt the data:

http://msdn.microsoft.com/en-us/magazine/dd458794.aspx

You're right though, since the encryption and decryption happen on the same machine a determined hacker could get to the data, so it would never be 100% secure. You could create a WCF service on the server to perform encryption or decryption to separate the two if you want.