Pega SIlverlight Prerequisites elevate trusts in browser. Why? Our company does not allow this
Pegasystems Inc.
US
HI Terrance,
Invoking Silverlight plugin includes in-browser and Out-of-Browser Support. And this is a prerequisite from Microsoft itself while running Silverlight plugin.
Please see the note section from the below link more details on why it's required.
Enable Trusted Applications to Run Inside the Browser - https://msdn.microsoft.com/en-us/library/gg192793(v=vs.96).aspx
Pegasystems Inc.
US
Pega Silverlight based integration with MS Word by design requires write access to the local file system, network connectivity, and privileges to launch third party applications using COM automation. This can only be achieved by allowing elevated trust in browser.
https://msdn.microsoft.com/en-us/library/dd470128%28VS.95%29.aspx?f=255&MSPPError=-2147217396 provides more detailed explanation of Silverlight security model.
The allowelevatedtrustappsinbrowser=1 registry setting represents a trade-off between reduced security and convenient functionality and therefore should be deliberately considered by the enterprise.
It should be noted that even with this compromise, Silverlight controls represent significant security improvement over ActiveX based integration with third-party application on desktop.
United Health Group
US
We are still getting push back so we need to give more justification.
Can you tell me where everywhere the silver light prereqs are used in PRPC 7.1 and 6.2? I imagine at the very least it is needed by the application profiler to generate the application document?
United Health Group
US
Our company does not allow for the install of these Silverlight prerequisites. What other companies allow this or how many other companies do you know allow for this?
Pegasystems Inc.
US
I cannot publicly expose any customer-specific data, especially security trade-off related. I do not have relevant statistics and doubt I would be allowed to share, even if I had them.
Pega certainly has customers who chose to install Silverlight prerequisites.
Pegasystems
US
As of Pega 7.1.8, silverlight is no longer required to generate the Application Document. the App Doc was converted to be generated server side, which requires no browser plug-ins.
Virtusa Corporation
CA
Hi Jessica,
We are upgrading our 6.2 Pega app to Pega 7.1.8. We have word merge functionality requiring Silverlight.
Our users, though have right version of Silverlight, still getting Silverlight Installation Required pop-up.
Can you throw some light on this issue?