Architecture question

Apr 19, 2011 at 1:47 PM
Edited Apr 19, 2011 at 1:47 PM


So I have built the example template and can run it locally and in Azure (once i changed the storage accounts)

But it got me thinking.


So a WP7 XAP it transmitted in the clear and so can be assumed to be compromised. Hence why code obfuscation helps (although just security by obscurity)


So with this tool-kit you are adding the storage key to the XAP , which is a bit scary.

1) Someone could get the key and create you a huge bill.

2)The WP7 key gives read/write access to all the storage accounts data. I can create multiple accounts and just have a staging account, but how do you deal with uploading data.


Are there any plans to introduce a "staging" functionality?




Apr 19, 2011 at 2:54 PM
Edited Apr 19, 2011 at 3:31 PM


If I understand correctly, I think you are mistaken.  At no point do we ever recommend storing the Windows Azure Storage Account Name and Key on the phone device.  The toolkit only stores these values in the services that run up in Windows Azure.  The phone application has to proxy through these services in order to access storage.  This is one of the major benefits of using this toolkit.

I believe the documentation should be pretty thorough in documenting this - when you have a moment, please take a look.  If you feel we're missing something that more explicitly calls this out *please* let me know and I'll try to resolve.



Apr 19, 2011 at 3:27 PM

Sorry I clearly misunderstood how it works.


Apr 19, 2011 at 3:32 PM

My bad. Please let me know if we need to better document anything with the tool!