Silverlight 4 的 WriteableBitmap *真的*会以 DRM 的名义削弱合法的跨域访问吗?

发布于 2024-09-11 11:15:38 字数 864 浏览 4 评论 0原文

一年前的这个帖子中,解释了WriteableBitmap 将阻止读取访问当它的任何部分来自外部域时 - 例如免费图像服务器。

进一步详细说明这是为了“DRM”。我猜有人在 Silverlight 中编写电影翻录程序会带来很大的威胁,其中包括来自另一个域的电影,然后重新捕获它......除了意识到您可以在该血腥的 xap 传输时重写它,然后重新捕获它这是同域的!但这既不在这里也不在那里。

不管怎样,显然我正在尝试使用 WritableBitmap 导出用户当前设置的屏幕截图;但我被这个跨域问题阻止了。

在最新版本的 Silverlight 中真的没有不支持的方法来执行此操作吗?没有 crossdomain.xml 或 clientaccesspolicy.xml?这对 Silverlight 来说不是“严重”吗?一个巨大的“去你的吧”,设置了半心半意的安全障碍,阻碍了开发人员,但无法阻止攻击者?

编辑:此问题与 这个问题在这里

In this thread from a year ago it's explained that WriteableBitmap will block read access when any part of it comes from an outside domain - say a free image server.

It's further elaborated upon that this is for "DRM". I guess there's some big threat of someone writing a movie-ripper in Silverlight that includes a movie from another domain and then re-captures it... except for the realization you can just rewrite the bloody xap as it comes down the wire and then it's same-domain! But that's neither here nor there.

Anyway, obviously I'm trying to use WritableBitmap to export a screenshot of the user's current setup; but I'm stopped by this cross-domain issue.

Is there really no supported way to do this in the latest version of Silverlight? No crossdomain.xml or clientaccesspolicy.xml? Isn't this crippling for Silverlight - a giant "Screw You", putting half-hearted security roadblocks in that impede developers but don't stop attackers?

Edit: This question is identical to this question here.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

甜中书 2024-09-18 11:15:38

许多出于合法目的而尝试这样做的开发人员都认同您的观点。有一些解决方法,它们要么很古怪,要么很奇怪。但这可能是我见过的最好的:SIlverlight 4.0 中的屏幕捕获

只是再次阅读,发现您并不是在寻找 crossdomain.xml 解决方案。此页面还有一些其他选项(同样,没有“伟大”的解决方案): http ://betaforums.silverlight.net/forums/t/118030.aspx

另外,不确定这是否是一个选项,但您的应用程序作为 OOB 应用程序将不会仅限于 ClientAccessPolicy.xml 或 CrossDomain 中的安全检查.xml。浏览器外是您的选择吗?


编辑:
在进一步审查帖子和评论后,我相信(Tom,请确认这一点)不需要获取在自己的机器上运行的 SL 应用程序的用户实例的屏幕截图(类似于 Silverlight 中的客户支持 会处理得很好)。

相反,它是拍摄用户屏幕的图片(与 PrtSc-ish 相同)。在这种情况下,要困难得多,但并非不可能。 Rui 在此处展示了他的做法< /a>,但它依赖于用户计算机上已有的组件。 Jeremy 通过 Silverlight 4 Hack:使用本机/桌面 CLR 而无需 COM 注册,这将有效地允许访问。

Your sentiment is shared by many, many devs trying to do this for legit purposes. There are some work-arounds out there, all of them either hacky or bizarro. But this is probably the best one I've seen: Screen Capture in SIlverlight 4.0.

Just read again and saw that you're not looking for a crossdomain.xml solution. This page has some other options (again, no solution out there is "great"): http://betaforums.silverlight.net/forums/t/118030.aspx

Also, not sure if this is an option, but your app as an OOB app will not be restricted to security checks in ClientAccessPolicy.xml or CrossDomain.xml. Is Out-of-Browser an option for you?


EDIT:
Upon further review of the post and comments, I believe (Tom, please confirm this) that the need isn't to get a screenshot of the user's instance of the SL app running on their own box (which something like Customer Support in Silverlight would take care of pretty well).

Rather, it is to take picture of the user's screen (same as PrtSc-ish). In this case, it is a lot tougher, but not impossible. Rui show's how he does it here, but it relies on a component already being on a user's machine. Jeremy get's even more creative with Silverlight 4 Hack: Use Native/Desktop CLR Without COM Registration, which would effectively allow access.

埋葬我深情 2024-09-18 11:15:38

此 WritableBitmap 行为与 DRM 无关,与安全性有关。如果您尝试拍摄的屏幕截图显示包含来自不同域的内容的图像元素,则该域必须具有具有适当权限的 crossdomain.xml 文件。您可以联系域所有者并要求他们将 crossromain.xml 放在其域的根目录中。

或者,完全信任 OOB 应用程序应该可以解决这个问题,因为它不检查 crossdomain.xml。

好的,如果您有 >在您的可视化树中,并且您尝试从中创建 WriteableBitmap,WriteableBitmap 的像素访问将被锁定,无论 crossdomain.xml 与否。 (微软为你感到羞耻)。好消息是,您可以使用以下解决方法:使用 WebClient 加载图像;使用 OpenReadCompleted 处理程序中的流对图像调用 SetSource。创建 WriteableBitmap 并注意 Pixels 属性如何不再引发安全异常。远非理想,但可以管理。

This WritableBitmap behavior have nothing to do with DRM and everything to do with security. If the screenshot you trying to take shows image element with content from different domain then that domain must have crossdomain.xml file with appropriate permissions. You can contact domain owner and ask them to place crossromain.xml in the root of their domain.

Alternatively, Full-Trust OOB application should do the trick since it doesn't check for crossdomain.xml.

Ok, If you have <Image Source="http://crossdomain.com/someimage.jpg" /> in your visual tree and you try to create WriteableBitmap from it, that WriteableBitmap's pixel access will be locked, crossdomain.xml or not. (Shame on you microsoft). Good news (sorta) is, you can use following workaround: Load image using WebClient; call SetSource on image with stream from OpenReadCompleted handler. Create your WriteableBitmap and notice how Pixels property doesn't throw security exception anymore. Far from ideal, but manageable.

三生一梦 2024-09-18 11:15:38

正如相同问题中所解释的那样让 silverlight 允许您从可写位图中获取内容的唯一方法无需以下任何一项:

  • 浏览器外的
  • 服务/代码/应用程序/已root的GAC,否则安装在用户的计算机上
  • 提升信任

是代理内容并欺骗 silverlight 使其认为它们全部来自同一域

As explained in the identical question the only way to get silverlight to allow you to get the content out of a Writeable Bitmap without any of the following:

  • Out-of-browser
  • Service/Code/App/Rooted GAC otherwise installed on the user's Machine
  • Elevated Trust

is to proxy the content and trick silverlight into thinking it's all from the same domain.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文