You can target your solution as sandboxed only if all of your solution component fall within following SharePoint items:
Web Parts (code only; not visual Web Parts)
Event receivers
Content types
List templates
List instances
Custom actions
InfoPath forms
You can not target your solution as sandboxed, in case any of your solution components fall within following SharePoint items:
Visual Web Parts (they contain web controls that have to be deployed to disk)
Business data connectivity models
Application pages
User controls
Call web services in an intranet or over the Internet
Access data outside the site collection where the solution has been deployed
Read and write files with your code
Run code that is not marked to allow partially trusted callers
Use objects above SPSite (e.g., SPFarm)
Use security-related functions (RunWithElevatedPreviledges)
Impersonation of Users
Custom Workflow or programmatically invoking SharePoint Designer workflow
Programmatically accessing Taxonomy data/ Metadata Management
Looking at the above allowed/restricted items, it is quite evident that Sandbox solutions would provide more security and control but lesser features. Whereas farm based solution would not restrict any thing but it would developer’s prerogative to handle the security and avoid malicious code, which would result into more number of code reviews and unit testing
No comments:
Post a Comment