
What is the point of a Policy Server? (Silverlight)


I've been messing around with Silverlight sockets, and after scratching my head a bit as to why my connections were being denied, I realized I needed to set up a policy server. Silverlight connects to the policy server port on the host specified by the socket connection. The policy server returns an XML file designating what access is allowed onto that host.

Am I understanding this correctly? What is the point of this? Couldn't any malicious user simply ignore the policy file and do whatever they wanted?

Image: http://www.netortech.com/Content/policy.jpg


Solution

  • I finally figured out one good reason to do this.

    Silverlight apps have the possibility of being distributed/executed very quickly. Say, as advertisements on a popular site, for example. In that case it would be very easy for someone to use a Silverlight app to run a DoS attack on a host simply by giving it to an advertising provider. However, since all Silverlight apps check the policy file for the host first, it limits what hosts and services this kind of attack can target.
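The opt-in check discussed in this thread, as an added example that is not part of the original posts and is not Silverlight's own code: a simplified Python model of how a client runtime could evaluate a socket policy file before allowing a connection. The sample policy, the origins and the function names are constructed for illustration, and origin matching is reduced to exact match or `*`.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy: only apps served from http://app.example.com
# may open TCP sockets, and only to ports 4502-4506 on this host.
SAMPLE_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from><domain uri="http://app.example.com" /></allow-from>
      <grant-to><socket-resource port="4502-4506" protocol="tcp" /></grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""


def _port_allowed(spec, port):
    """spec lists single ports or ranges, e.g. '4502-4506,4510'."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        try:
            if int(lo) <= port <= int(hi or lo):
                return True
        except ValueError:
            continue  # skip malformed entries instead of granting access
    return False


def connection_permitted(policy_xml, app_origin, port):
    """Return True if a <policy> block grants app_origin TCP access to port.

    policy_xml=None models a host that runs no policy server: deny by default,
    so a host that never opted in cannot be reached by the sandboxed app.
    """
    if policy_xml is None:
        return False
    try:
        root = ET.fromstring(policy_xml)
    except ET.ParseError:
        return False  # a malformed policy is treated like a missing one
    for policy in root.iter("policy"):
        origins = [d.get("uri") for d in policy.findall("allow-from/domain")]
        if "*" not in origins and app_origin not in origins:
            continue
        for res in policy.findall("grant-to/socket-resource"):
            is_tcp = res.get("protocol", "").lower() == "tcp"
            if is_tcp and _port_allowed(res.get("port", ""), port):
                return True
    return False
```

The enforcement lives in the client runtime that hosts the sandboxed app, so the policy constrains code running in other people's browsers; it is not a substitute for authentication or a firewall on the host itself.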