Nov 28

After some experimentation with Silverlight 2.0, which has been very good so far, there is one thing I want everybody to think about when starting a project with Silverlight 2.0: how accessible the source code is to a consumer.

What?? you say... yes, a deployed Silverlight application can be downloaded to your local machine, the package (XAP) file can be opened and its assemblies extracted, and after that it is easy: just use Reflector on the assemblies and you know every dirty secret.

Here is what you need to do:

  • Go to a site running a bit of Silverlight, for example http://www.lazylunchtime.com/Games/sudoku.aspx,
  • View the source ("View Source") of the page, which gives you the HTML structure,
  • Locate the Silverlight control by searching for the text ".XAP"
    (if you don't find it, you are either not on the correct page or the Silverlight app is based on JavaScript, which is a whole different story),
  • Get the filename of the Silverlight package (the one with .xap at the end of it); in our example you will find "ClientBin/Sudoku.xap",
  • Go back to your browser, remove the file name from the URL and add the relative path and file you found in step 4, so you get http://www.lazylunchtime.com/Games/ClientBin/Sudoku.xap,
  • Hit enter on the URL; you now get the download dialog box, so save the file to local disk,
  • Open Windows Explorer and rename the file from Sudoku.xap to Sudoku.zip,
  • Now you can just open it, view the structure of the package, extract the assemblies, get the XAML files, find out which files external to the package need to be downloaded separately, and so on.

My purpose in showing you this is not for you to go out and steal somebody's code, but rather to make you think about what kind of code you actually put in the package. There are a whole lot of other techniques you can use to load additional assemblies dynamically from outside the Silverlight package to minimize code access. Foremost, I want you to think about what it means to make RIAs, which in the end run on your customer's machine, and the implications this has for the way you need to design your software.
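To check what your own package gives away before you deploy it, you can inspect the XAP the same way a consumer would. The script below is an added example, not part of the original post: it opens a XAP as the ZIP archive it is, lists the assemblies and XAML files, and searches every entry for strings that look like credentials. The search patterns, function names and the sample package are assumptions made for illustration.

```python
import io
import re
import zipfile

# Assumed patterns for material that should not ship to the client.
SECRET_PATTERNS = [
    re.compile(r"(?i)(?:password|pwd)\s*=\s*[^;\s]+"),
    re.compile(r"(?i)(?:api[_-]?key|secret)\s*[=:]\s*\S+"),
    re.compile(r"(?i)data source\s*=\s*[^;]+"),
]

def extract_strings(data, min_len=6):
    """Printable runs in ASCII and UTF-16LE (.NET string literals are UTF-16)."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    utf16_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([r.decode("ascii") for r in ascii_runs] +
            [r.decode("utf-16-le") for r in utf16_runs])

def audit_xap(xap_bytes):
    """Return {'assemblies': [...], 'xaml': [...], 'findings': [(entry, match)]}."""
    report = {"assemblies": [], "xaml": [], "findings": []}
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:  # a XAP is a ZIP archive
        for name in xap.namelist():
            lower = name.lower()
            if lower.endswith(".dll"):
                report["assemblies"].append(name)
            elif lower.endswith(".xaml"):
                report["xaml"].append(name)
            for text in extract_strings(xap.read(name)):
                for pattern in SECRET_PATTERNS:
                    for match in pattern.findall(text):
                        report["findings"].append((name, match))
    return report

def build_sample_xap():
    """Constructed sample: a fake assembly holding a UTF-16 connection string."""
    fake_dll = b"MZ\x90\x00" + "Data Source=db01;Password=hunter2;".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppManifest.xaml", "<Deployment EntryPointAssembly='Demo' />")
        z.writestr("Demo.dll", fake_dll)
    return buf.getvalue()

if __name__ == "__main__":
    result = audit_xap(build_sample_xap())
    print("Assemblies:", result["assemblies"])
    for entry, match in result["findings"]:
        print(f"{entry}: {match}")
```

For a real build, pass the bytes of your own .xap file to `audit_xap` and treat any finding as something to move behind a server-side service.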
