Storage Account Security Question

Sep 14, 2011 at 10:00 PM
Edited Sep 14, 2011 at 10:07 PM

I am building an achievements framework for my WP7 game using Azure Table Storage as the backend. I originally started with an architecture like so:

Azure Table Storage --> WCF Service --> WP7 App

As I started reading more about the Windows Azure Toolkit for Windows Phone, it sounds like this may be a more streamlined solution.

Azure Table Storage --> WP7 App

I have a concern about security regarding my table storage account name and access key. Are these stored on each and every individual phone or is some sort of security access signature produced behind the scenes?

I couldn't find an article to address this question, if one exists could someone please forward me the link?

Also, I have already written my table storage entities and I have them storing in a pre-existing Azure account. Is there a way to use the Windows Azure Toolkit for Windows Phone to connect to this pre-existing data?

Sep 14, 2011 at 10:39 PM

I had the same dilemma.

I would not directly connect the client to the database. You can encrypt the login, etc., but assume it will be hacked if your product rises above the radar, therefore your database is exposed. By using a WCF service, your database is safe behind Microsoft's walls (presumably) and all that can happen is that someone can attack your service. Add in some basic checks on your service (i.e. > x per minute transactions or x transactions per userid per minute etc...) and you should be safe-ish.

I'm assuming by Table-->App you mean WCF Data Services, but even if not, the issue remains that you need to transmit the info to access the database over the internet to access a database directly. 

WCF also gives you more control over what you send and receive in terms of bytes, at least in my case I'm returning integers instead of records, to the client, although I'm not an expert.

Sep 14, 2011 at 10:45 PM

Thanks for the reply. 

In this case I mean table storage directly, i.e. some kind of connection URL with a base-64 looking hash. I could have sworn I saw a blog post somewhere mentioning that a SAS was generated automatically to ensure security from the phone to Azure. That way, even if my code gets decompiled I won't have my account credentials compromised.

I do agree that I get a lot more versatility and control with WCF. I was just hoping to avoid it so that I wouldn't have to worry about message security as much (transport security would be handled with HTTPS). From what I've read, message security is a real pain with WP7 Silverlight + WCF.

I wonder if there is a whitepaper out there somewhere about the Azure security model and how it pertains to Silverlight/WP7.
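
The idea raised in this post (the phone receives a signed, expiring, scoped token while the account key stays on the server) sketched as an added example; it is not from the thread or from the Windows Azure Toolkit. The key, resource paths and string-to-sign layout are constructed assumptions, simplified from the way a real SAS is built, and only the `sp`/`se`/`sig` parameter names follow Azure's convention.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo key. In a real deployment this value exists only on the
# server; it is never compiled into the phone app.
ACCOUNT_KEY = b"constructed-demo-key-not-a-real-account-key"


def _sign(resource, permissions, expiry):
    # Simplified string-to-sign (assumption, not Azure's actual layout).
    string_to_sign = f"{permissions}\n{expiry}\n{resource}".encode()
    mac = hmac.new(ACCOUNT_KEY, string_to_sign, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_token(resource, permissions, ttl_seconds, now=None):
    """Server side: build the query string that is handed to the phone."""
    issued = int(now if now is not None else time.time())
    expiry = issued + ttl_seconds
    sig = _sign(resource, permissions, expiry)
    return f"sp={permissions}&se={expiry}&sig={sig}"


def check_request(resource, operation, token, now=None):
    """Storage side: accept only an untampered, unexpired, permitted request."""
    try:
        fields = dict(part.split("=", 1) for part in token.split("&"))
        permissions = fields["sp"]
        expiry = int(fields["se"])
        sig = fields["sig"]
    except (KeyError, ValueError):
        return False  # malformed token
    expected = _sign(resource, permissions, expiry)
    # Constant-time comparison; any change to sp, se or the resource fails here.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False
    if (now if now is not None else time.time()) >= expiry:
        return False  # token has expired
    return operation in permissions
```

A decompiled app that only ever held such a token exposes one resource, one permission set and a limited time window, not the account key.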

Sep 15, 2011 at 4:18 AM
Edited Sep 15, 2011 at 4:25 AM

Ah ha, I found the blog post.

However, it seems to be referring to blob storage with a SAS.  I wonder if we can get additional clarification on how table storage security works from WP7?  It's starting to look more and more like I need WCF.