I consider this a "bug" of the Silverlight 3 beta. Hopefully it can be fixed by RTW. I originally posted this to the Silverlight 3 RTW Wishlist thread, but more I think about it the more it looks like a bug.
Currently WriteableBitmap becomes unreadable (an exception will be raised if attempted) once the Render() call has been invoked, meaning as soon as you draw any UI element to the bitmap you can no longer read or write the bitmap. This essentially makes WriteableBitmap
a lot less useful except for using it as an image source, or when the bitmap is completely code generated (i.e. setting the bytes one by one). In other words, even though it was advertised (by Microsoft folks) that this SL3 beta feature can be used for image
processing, such as red eye correction, it really cannot. Also you won't be able to save the bitmap image to a file because there is no read access. I was told that this is due to a security issue that is still being resolved. Hope that the Silverlight team
-- you guys are great, I know you can do it! -- will fix that by RTM.
For a more detailed discussion about this topic, see:
This is not actually a bug. We are blocking read access to the pixels intentionally after calling Render() in the Beta.
We are working on resolving this limitation in the final release of Silverlight 3. We definitely realize that this will enable important scenarios. At the same time we are taking any security considerations very seriously.
Thank you for your response. I didn't mean "bug" in the sense of unexpectedly wrong behavior, but rather "bug" in the sense that it significantly cripples WriteableBitmap in many otherwise legitimate use scenario. I definitely hope that you guys will resolve
this issue. I understand the importance of security... Silverlight will be completely useless if its security policy is flawed.
> I think the security concern is that a rogue Silverlight app could request images from sites the browser has authenticated on (your bank?), and read those pixels and send the bits up to a rogue server.
And my response:
> I can see the pretext (or is it context?). But the rogue SL application can also request the same Jpg as a byte stream from said bank, and send the Jpg as a byte stream to a rogue server?
Anyway, just some fruit for thought.
Stefan, while I have your attention, may I ask you the following question on Pixel Shader?
> Pixel Shader is another great feature in SL3, but so far I have only seen examples where you directly apply the effect to images, videos, or controls. There does not seem to be any API I can use to examine the result of applying Pixel Shader to a WriteableBitmap
(for the sake of argument let's say such bitmap is not generated by rendering so there is no security concern). In other words, is it possible to use Pixel Shader directly as a poor man's SIMD engine? I know Pixel Shader is not GPU-accelerated but still
it beats pixel-by-pixel direct manipulation through array indexing. Do you know whether this is possible? Let me know if you have more insight in this. Thanks!
Actually, the twist is that if WriteableBitmap allows read access after the Render() call, what I described would be possible -- I can simply set up a "test" image using a WriteableBitmap as the image source, apply the effect, and then render the image with
effect to another WriteableBitmap. However, I was thinking if there is a more direct route from WriteableBitmap to WriteableBitmap without going through the workaround.
Thanks for your help.
Visit http://www.tagxedo.com, a Silverlight-based word cloud generator. If you like it, please help me spread the word!
We don't typically comment on security concerns on public forums, for obvious reasons. The fact of the matter is that there is work left to do for us before we can enable the desired functionality. We are working to enable this for the final release of Silverlight
3.
The pixel effect scenario you described is another good example that will be enabled by this work.
ksleung
Contributor
6680 Points
1265 Posts
Need to fix the WriteableBitmap security issue
Mar 24, 2009 10:44 PM | LINK
Currently WriteableBitmap becomes unreadable (an exception will be raised if attempted) once the Render() call has been invoked, meaning as soon as you draw any UI element to the bitmap you can no longer read or write the bitmap. This essentially makes WriteableBitmap a lot less useful except for using it as an image source, or when the bitmap is completely code generated (i.e. setting the bytes one by one). In other words, even though it was advertised (by Microsoft folks) that this SL3 beta feature can be used for image processing, such as red eye correction, it really cannot. Also you won't be able to save the bitmap image to a file because there is no read access. I was told that this is due to a security issue that is still being resolved. Hope that the Silverlight team -- you guys are great, I know you can do it! -- will fix that by RTM.
For a more detailed discussion about this topic, see:
http://silverlight.net/forums/p/82223/194846.aspx#194846
WriteabelBitmap
StefanWick
Contributor
3004 Points
453 Posts
Microsoft
Re: Need to fix the WriteableBitmap security issue
Mar 25, 2009 07:26 AM | LINK
This is not actually a bug. We are blocking read access to the pixels intentionally after calling Render() in the Beta.
We are working on resolving this limitation in the final release of Silverlight 3. We definitely realize that this will enable important scenarios. At the same time we are taking any security considerations very seriously.
Thanks, Stefan Wick
ksleung
Contributor
6680 Points
1265 Posts
Re: Need to fix the WriteableBitmap security issue
Mar 25, 2009 07:51 AM | LINK
Stefan,
Thank you for your response. I didn't mean "bug" in the sense of unexpectedly wrong behavior, but rather "bug" in the sense that it significantly cripples WriteableBitmap in many otherwise legitimate use scenario. I definitely hope that you guys will resolve this issue. I understand the importance of security... Silverlight will be completely useless if its security policy is flawed.
One scenario Andy Beaulieu pointed out in the thread http://silverlight.net/forums/t/82223.aspx regarding the security concern was:
> I think the security concern is that a rogue Silverlight app could request images from sites the browser has authenticated on (your bank?), and read those pixels and send the bits up to a rogue server.
And my response:
> I can see the pretext (or is it context?). But the rogue SL application can also request the same Jpg as a byte stream from said bank, and send the Jpg as a byte stream to a rogue server?
Anyway, just some fruit for thought.
Stefan, while I have your attention, may I ask you the following question on Pixel Shader?
> Pixel Shader is another great feature in SL3, but so far I have only seen examples where you directly apply the effect to images, videos, or controls. There does not seem to be any API I can use to examine the result of applying Pixel Shader to a WriteableBitmap (for the sake of argument let's say such bitmap is not generated by rendering so there is no security concern). In other words, is it possible to use Pixel Shader directly as a poor man's SIMD engine? I know Pixel Shader is not GPU-accelerated but still it beats pixel-by-pixel direct manipulation through array indexing. Do you know whether this is possible? Let me know if you have more insight in this. Thanks!
Actually, the twist is that if WriteableBitmap allows read access after the Render() call, what I described would be possible -- I can simply set up a "test" image using a WriteableBitmap as the image source, apply the effect, and then render the image with effect to another WriteableBitmap. However, I was thinking if there is a more direct route from WriteableBitmap to WriteableBitmap without going through the workaround.
Thanks for your help.
StefanWick
Contributor
3004 Points
453 Posts
Microsoft
Re: Need to fix the WriteableBitmap security issue
Mar 25, 2009 02:53 PM | LINK
We don't typically comment on security concerns on public forums, for obvious reasons. The fact of the matter is that there is work left to do for us before we can enable the desired functionality. We are working to enable this for the final release of Silverlight 3.
The pixel effect scenario you described is another good example that will be enabled by this work.
Thanks, Stefan Wick
Albino
Member
14 Points
7 Posts
Re: Need to fix the WriteableBitmap security issue
Oct 20, 2011 07:36 PM | LINK
By now we have already a release candidate for Silverlight 5 and I still don't see a fix for this.