From db3f88efde2a87a7c2bcf49fa6c7d9bed278f2dc Mon Sep 17 00:00:00 2001 From: Hong Li Date: Fri, 4 Oct 2024 13:42:01 -0700 Subject: [PATCH] Update workflow-security doc to incoporate more security guidelines --- .../framework/windows-workflow-foundation/workflow-security.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/framework/windows-workflow-foundation/workflow-security.md b/docs/framework/windows-workflow-foundation/workflow-security.md index 6202134249608..de3ca59e0de48 100644 --- a/docs/framework/windows-workflow-foundation/workflow-security.md +++ b/docs/framework/windows-workflow-foundation/workflow-security.md @@ -10,6 +10,9 @@ ms.assetid: d712a566-f435-44c0-b8c0-49298e84b114 Windows Workflow Foundation (WF) is integrated with several different technologies, such as Microsoft SQL Server and Windows Communication Foundation (WCF). Interacting with these technologies may introduce security issues into your workflow if done improperly. +> [!NOTE] +> Workflows describe the order of execution and dependencies between short- or long-running tasks. As a code execution mechanism, only trusted code should be loaded and executed. Developers must ensure that only trusted workflows are used with applications using WF. + ## Persistence Security Concerns 1. Workflows that use a activity and persistence need to be reactivated by a service. Windows AppFabric uses the Workflow Management Service (WMS) to reactivate workflows with expired timers. WMS creates a to host the reactivated workflow. If the WMS service is stopped, persisted workflows will not be reactivated when their timers expire.