If you're on .NET 4 then you should DEFINITELY apply the fix because your web.config file can be downloaded.
If your Silverlight app is consuming a WCF service and that service also lives in ASP then you will need to apply the fix to that service as well.
As a side note: please remember that a Silverlight application is downloaded and runs from the user's local machine. You have to be really careful about how authentication and roles management is implemented because anybody can unzip the xap file, go through the code with .NET Reflector and figure out how to get past your authentication or roles implementation. (I'm talking about things like it's not enough to use visibility to hide certain screens or functionality from users.)
SQLWiseGuy
Re: Are Silverlight Apps Affected
Sep 22, 2010 10:43 PM
Thanks. I'm actually the DBA and only helping out on the C# side and wanted to get some information.
We are using RIA Services and, honestly, I don't really understand how that ties with WCF, although I know that they are related in some way.
Your side note was very interesting to me because I was having a discussion with one of the other developers about where encryption and decryption of data should take place, especially since this is dependent on the role a user is in. We are currently decrypting data in the DAL and only hiding the plain text value on the client. Based on your comment I'd think we might want to go away from that and only decrypt the data on the server side if the user has rights, which was the way I was advocating, but not being an expert on the application development side I went along with the developer. I'm not saying they are wrong, I'm just saying that this adds some more information to think about.
Thanks again.
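
The server-side option discussed in this thread (decrypt only when the caller has rights, instead of decrypting in the DAL and hiding the value on the client), sketched as an added example that is not code from either poster. The type names, the role name and the stand-in decryptor are hypothetical; only `IPrincipal`, `GenericPrincipal` and `GenericIdentity` are real framework types.

```csharp
using System;
using System.Security.Principal;
using System.Text;

// DTO sent to the Silverlight client. Treat every field in it as visible to the user,
// because the xap and its network traffic are fully under the user's control.
public sealed class PatientDto
{
    public int Id { get; set; }
    public string Ssn { get; set; }   // plaintext only for authorized callers, otherwise null
}

public static class PatientProjection
{
    // Hypothetical role name; use whatever your role provider defines.
    public const string ViewSensitiveRole = "SensitiveDataReader";

    // Runs on the server. The ciphertext is decrypted only after the role check passes,
    // so the response to an unauthorized caller never contains the plaintext.
    public static PatientDto ToDto(int id, byte[] encryptedSsn, IPrincipal caller,
                                   Func<byte[], string> decrypt)
    {
        bool allowed = caller != null
                       && caller.Identity != null
                       && caller.Identity.IsAuthenticated
                       && caller.IsInRole(ViewSensitiveRole);
        return new PatientDto { Id = id, Ssn = allowed ? decrypt(encryptedSsn) : null };
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data. The "decryptor" is a stand-in for the real routine.
        byte[] stored = Encoding.UTF8.GetBytes("000-00-0000");
        Func<byte[], string> decrypt = b => Encoding.UTF8.GetString(b);

        var clerk = new GenericPrincipal(new GenericIdentity("clerk"), new string[0]);
        var auditor = new GenericPrincipal(new GenericIdentity("auditor"),
                                           new[] { PatientProjection.ViewSensitiveRole });

        // The clerk's DTO carries no plaintext at all; there is nothing for the client to hide.
        Console.WriteLine(PatientProjection.ToDto(1, stored, clerk, decrypt).Ssn ?? "(withheld)");
        Console.WriteLine(PatientProjection.ToDto(1, stored, auditor, decrypt).Ssn ?? "(withheld)");
    }
}
```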