The Role of Isolated Storage

For some scenarios, you should consider using isolated storage rather than classic file I/O. Isolated storage has the advantage that it can isolate data by user and assembly, or by user, domain, and assembly. Typically, in the first scenario, isolated storage stores user data used by multiple applications, such as the user's name. The following C# snippet shows how to achieve this:

using System.IO.IsolatedStorage; ... IsolatedStorageFile isoFile = IsolatedStorageFile.GetStore( IsolatedStorageScope.User IsolatedStorageScope.Assembly, null, null);

The latter scenario isolation by user, domain, and assembly ensures that only code in a given assembly can access the isolated data when the following conditions are met: when the application that was running when the assembly created the store is using the assembly, and when the user for whom the store was created is running the application. The following Visual Basic .NET snippet shows how to create such an object:

Imports System.IO.IsolatedStorage ... Dim isoStore As IsolatedStorageFile isoStore = IsolatedStorageFile.GetStore( _ IsolatedStorageScope.User Or _ IsolatedStorageScope.Assembly Or _ IsolatedStorageScope.Domain, _ Nothing, Nothing)

Note that isolated storage also supports roaming profiles by simply including the IsolatedStorageScope.Roaming flag. Roaming user profiles are a Microsoft Windows feature (available on Windows NT, Windows 2000, and some updated Windows 98 systems) that enables the user's data to follow the user around as he uses different PCs.

NOTE
You can also use IsolatedStorageFile.GetUserStoreForAssembly and IsolatedStorageFile.GetUserStoreForDomain to access isolated storage; however, these methods cannot use roaming profiles for the storage.

A major advantage using isolated storage has over using, say, the FileStream class is the fact that the code does not require FileIOPermission to operate correctly.

Do not use isolated storage to store sensitive data, such as encryption keys and passwords, because isolated storage is not protected from highly trusted code, from unmanaged code, or from trusted users of the computer.

XSLT Is Code!

Although XSL Transformations (XSLT) is not unique to the .NET Framework, it is widely used and well supported by the System.Xml.Xsl namespace. XSLT might appear to be nothing more than a style sheet language, but it is actually a programming language. Therefore, you should test your XSLT files as thoroughly as you would any other script or code module against malicious input, such as unanticipated XML document types.