Saturday, 21 August 2010

What is Restricted/Allowed under Sandboxed Solutions

You can target your solution as sandboxed only if all of your solution component fall within following SharePoint items:

 Web Parts (code only; not visual Web Parts)
 Event receivers
 Content types
 List templates
 List instances
 Custom actions
 InfoPath forms

You can not target your solution as sandboxed, in case any of your solution components fall within following SharePoint items:

 Visual Web Parts (they contain web controls that have to be deployed to disk)
 Business data connectivity models
 Application pages
 User controls
 Call web services in an intranet or over the Internet
 Access data outside the site collection where the solution has been deployed
 Read and write files with your code
 Run code that is not marked to allow partially trusted callers
 Use objects above SPSite (e.g., SPFarm)
 Use security-related functions (RunWithElevatedPreviledges)
 Impersonation of Users
 Custom Workflow or programmatically invoking SharePoint Designer workflow
 Programmatically accessing Taxonomy data/ Metadata Management

Looking at the above allowed/restricted items, it is quite evident that Sandbox solutions would provide more security and control but lesser features. Whereas farm based solution would not restrict any thing but it would developer’s prerogative to handle the security and avoid malicious code, which would result into more number of code reviews and unit testing

No comments:

Query List/Document Library in Specific Folder

To query SharePoint List or Document Library in specific Folder “ FolderServerRelativeUrl ” as part of the CAML Query Code Snippet ...