In this case, let's suppose that our web application will be downloaded and executed on a remote machine, which can be considered a hostile environment. We have just provided a potentially malicious user with a perfect laboratory in which he/she can try to manipulate our application, since:
He/she will be able to see the binary code and resources (for example, binary XAML) by simply renaming the XAP file to ZIP
It will be possible for him/her to access its source code by using a tool such as a reflector (http://bit.ly/apbHRB)
The original libraries could be replaced in the XAP content by others with the same interface, but containing malware
It is also feasible to extract any critical data in the client code or configuration files
It must not be forgotten that these issues are also found in other development technologies, such as HTML and JavaScript (where the code is directly exposed), or in a desktop application.
Consequently, our server must never trust the...
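A release-time check that follows from the list above, added here as an example and not taken from the original text: since anyone can open the XAP as a ZIP archive, the script opens the package the same way, lists the assemblies it ships, and flags configuration lines that name sensitive settings. The keyword list, the sample package and its file contents are constructed for illustration.

```python
import io
import re
import zipfile

# Assumed keyword list: setting names that should never ship to the client.
SENSITIVE = re.compile(r"(?i)(password|pwd|secret|api[_-]?key|connection\s*string)")
TEXT_SUFFIXES = (".xml", ".xaml", ".config", ".clientconfig", ".txt")

def audit_xap(xap_bytes):
    """Open a XAP as the ZIP archive it is; return (assemblies, findings)."""
    assemblies, findings = [], []
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:
        for info in xap.infolist():
            name = info.filename
            lower = name.lower()
            if lower.endswith(".dll"):
                # Every assembly listed here can be decompiled or swapped by the user.
                assemblies.append(name)
            elif lower.endswith(TEXT_SUFFIXES):
                text = xap.read(name).decode("utf-8", errors="replace")
                for lineno, line in enumerate(text.splitlines(), 1):
                    match = SENSITIVE.search(line)
                    if match:
                        findings.append((name, lineno, match.group(0)))
    return sorted(assemblies), findings

def build_sample_xap():
    """Constructed sample package (placeholder contents, not a real application)."""
    config = (
        "<configuration>\n"
        "  <appSettings>\n"
        '    <add key="ApiKey" value="CONSTRUCTED-EXAMPLE" />\n'
        '    <add key="Theme" value="blue" />\n'
        "  </appSettings>\n"
        "</configuration>\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppManifest.xaml", '<Deployment EntryPointAssembly="Shop" />')
        z.writestr("Shop.dll", b"MZ constructed placeholder, not a real assembly")
        z.writestr("ServiceReferences.ClientConfig", config)
    return buf.getvalue()

if __name__ == "__main__":
    assemblies, findings = audit_xap(build_sample_xap())
    print("Assemblies exposed to the client:", assemblies)
    for name, lineno, keyword in findings:
        print(f"{name}:{lineno}: sensitive setting name '{keyword}'")
```

Any finding means the value has to move to the server; the assemblies list is a reminder of which code the client can read and replace.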