A developer can easily pollute a SharePoint farm by exposing components to unintended audience as the following.
- In MOSS, you cannot target a feature to a specific site, site collection or web application. A deployed feature is visible to SharePoint administrators everywhere in the SharePoint Farm even though the feature should be used in a very specific context.
- Deploying a Dll to GAC makes the Dll fully trusted and accessible to the entire server. Any code running on the server may use the Dll.
- A user control deployed to the ControlTemplates directory can be used by any ASP.NET components deployed to the farm.
- An application page deployed to the Layouts directory is visible to end users from any SharePoint site in the Farm. Most importantly, you cannot manage the security permission on the Page easily. The page will observe the default security permission for all the pages in Layouts directory. Also, the code behind dll for an application page has to have full trust since everything in Layout has full trust. This violates the basic security principle.
Item 4 will do the most damage since end users will see the pollution right way and it is not easy to apply security to the page to fix it. Item 1 will only affect SharePoint administrators. Item 2 and 3 will affect developers and infrastructure team.
However, Item 4 is the least aware among developers since it is just so easy.
An alternative to create an application page is to deploy the page to a document library in the site needing the page. Because it is in a document library, you can apply different security policies to the page. So only the right people can access the page with the right permissions. Also, the code behind dll of it can be deployed to bin directory without full trust since it is not in Layouts directory. Obviously, this approach solves all the issues listed in Item 4.
No comments:
Post a Comment