Once upon a time, there was a WPF application that had two types of users: ordinary users and privileged users.
The UI had two buttons. One button allowed anyone to view an account. The other button, though, was only for certain privileged people to click, because it deleted an account.
When the program was first released, a careless developer introduced a subtle bug in the logic that determines whether an account can be deleted.
For 99% of the non-privileged users, it never dawned on them that it was possible to delete an account when they ran the program.
One of the users had a grudge against the world, and also some knowledge of a little tool known as Snoop, a utility that lets you browse and edit the element tree of a running WPF application. He was determined to bring down The Man one account at a time.
When this malicious user ran the app, he snooped around until he found the hidden Delete Account button.
He found that button’s Visibility property and set it to ‘Visible’.
Since the careless developer never expected that button to be visible to a user who was not allowed to see it, nothing else stood in the way: the button was enabled, and clicking it deleted the account.
Tempting fate, the jaded user clicked the button.
After much fire and brimstone fell from Corporate Skies, the once careless developer learned a valuable lesson. He understood that WPF element trees can be viewed and modified while the application is running. He sharpened his code-sword and prepared for battle.
In one swift movement, he defeated his foe.
After the new version of the application was deployed, the malicious user once again attempted his devious maneuver. However, this time, he found that after unearthing the Delete Account button in Snoop, the button was disabled.
He could not click it. Setting the button’s IsEnabled property to true in Snoop had no effect either: a WPF Button bound to a command stays disabled while that command’s CanExecute returns false, and the Delete command’s CanExecute handler returned false for him. He could not use the application to continue his rampage against The Man. It broke his heart, and he cried.
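As an added example (not the post’s downloadable source, which is not reproduced here), this is the careless wiring beside the corrected one in C#. The names RelayCommand, CurrentUser and AccountViewModel, the backend delegate, the sample account id and the XAML fragments in comments are assumptions for illustration.

```csharp
using System;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Input;

// Hypothetical user model; the post does not show its source.
public sealed class CurrentUser
{
    public CurrentUser(bool isAdministrator) => IsAdministrator = isAdministrator;
    public bool IsAdministrator { get; }
}

// --- Before: authorization by Visibility only (the careless version) ---
public static class VulnerableWiring
{
    // XAML (constructed): <Button x:Name="DeleteButton" Content="Delete Account" Click="DeleteButton_Click"/>
    public static void Configure(Button deleteButton, CurrentUser user, Action deleteAccount)
    {
        // Hiding the button is the only check. Snoop can set Visibility back to
        // Visible, and the Click handler then runs with no further checks.
        deleteButton.Visibility = user.IsAdministrator ? Visibility.Visible : Visibility.Collapsed;
        deleteButton.Click += (sender, args) => deleteAccount();
    }
}

// --- After: authorization lives inside the command ---
public sealed class RelayCommand : ICommand
{
    private readonly Action _execute;
    private readonly Func<bool> _canExecute;

    public RelayCommand(Action execute, Func<bool> canExecute)
    {
        _execute = execute ?? throw new ArgumentNullException(nameof(execute));
        _canExecute = canExecute ?? throw new ArgumentNullException(nameof(canExecute));
    }

    // WPF's ButtonBase.IsEnabledCore returns false while this returns false,
    // so setting IsEnabled = true from Snoop does not re-enable the button.
    public bool CanExecute(object parameter) => _canExecute();

    public void Execute(object parameter)
    {
        // Re-check here as well: a disabled button is a UI courtesy, not a boundary.
        // Anything that reaches the command by another route still hits this check.
        if (!_canExecute())
            throw new UnauthorizedAccessException("Delete Account is not permitted for this user.");
        _execute();
    }

    // Let WPF re-query CanExecute whenever it suspects UI state has changed.
    public event EventHandler CanExecuteChanged
    {
        add => CommandManager.RequerySuggested += value;
        remove => CommandManager.RequerySuggested -= value;
    }
}

public sealed class AccountViewModel
{
    private readonly CurrentUser _user;
    private readonly Action<string> _deleteAccount; // hypothetical call into the backend

    public AccountViewModel(CurrentUser user, Action<string> deleteAccount)
    {
        _user = user ?? throw new ArgumentNullException(nameof(user));
        _deleteAccount = deleteAccount ?? throw new ArgumentNullException(nameof(deleteAccount));
        DeleteAccountCommand = new RelayCommand(
            execute: () => _deleteAccount(AccountId),
            canExecute: () => _user.IsAdministrator);
    }

    public string AccountId { get; set; } = "acct-0001"; // constructed sample value
    public ICommand DeleteAccountCommand { get; }
}

// XAML (constructed): <Button Content="Delete Account" Command="{Binding DeleteAccountCommand}"/>
// The view binds to the command; no Click handler and no Visibility trick is needed.
```

Two points are worth noting. The re-check in Execute is deliberate: the disabled button is a convenience for honest users, and the check inside the command is what actually refuses the operation. And all of this still runs inside a process the user controls, which is the real lesson of the story, so whatever service finally deletes the account should authorize the caller itself rather than trust the client.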
Download the application’s source code here (rename the file extension from .DOC to .ZIP).