In The Mix

As a SharePoint architect I have the business behind me and the Developers and IT Pro on my shoulders.

Web Parts security on SharePoint 2010

October 20, 2009

Filed under: SharePoint 2010 — fmuntean @ 4:51 pm

Just got out of a presentation where we got a deep dive into the new Web Part Framework for SharePoint 2010.

If you have built any Web Part in SharePoint 2010 whose custom properties Contributors were allowed to change, then once you upgrade your farm to SharePoint 2010 a new feature, Cross-Site Scripting Safeguarding, means the site contributors will no longer be able to see or edit those custom properties.

There are two ways to let the existing contributors see/edit those properties:

– I expect to see many people just give them Designer rights, which I don’t recommend, as they will get much more power than you expect.

– The only other recommended way is to go back to development and make sure that all properties are safe from XSS (Cross-Site Scripting) by using any of the existing techniques, such as encoding any string received before executing, and then change the SafeAgainstScript attribute on the SafeControl tags.
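A sketch of the second option, added here as an illustration and not taken from the presentation or from any Microsoft sample: a Web Part whose contributor-editable properties are encoded at render time, with the matching SafeControl entry shown in a comment. The namespace, class, property names and assembly identity are hypothetical, and the URL scheme check goes one step beyond plain encoding because encoding alone does not neutralize a `javascript:` link.

```csharp
using System;
using System.ComponentModel;
using System.Web.UI;
using System.Web.UI.WebControls.WebParts;

namespace Contoso.WebParts // hypothetical namespace
{
    // web.config entry once every property below has been reviewed
    // (assembly identity is a placeholder):
    // <SafeControl Assembly="Contoso.WebParts, Version=1.0.0.0, Culture=neutral, PublicKeyToken=PLACEHOLDER"
    //              Namespace="Contoso.WebParts" TypeName="*"
    //              Safe="True" SafeAgainstScript="True" />
    public class BannerWebPart : WebPart
    {
        [WebBrowsable(true), Personalizable(PersonalizationScope.Shared)]
        [WebDisplayName("Banner text"), Category("Custom")]
        public string BannerText { get; set; }

        [WebBrowsable(true), Personalizable(PersonalizationScope.Shared)]
        [WebDisplayName("Link URL"), Category("Custom")]
        public string LinkUrl { get; set; }

        protected override void RenderContents(HtmlTextWriter writer)
        {
            // Unsafe form this replaces: writer.Write("<div>" + BannerText + "</div>");
            // A contributor could store markup or script in the property.
            writer.RenderBeginTag(HtmlTextWriterTag.Div);
            writer.WriteEncodedText(BannerText ?? string.Empty);
            writer.RenderEndTag();

            // Accept only absolute http/https links; anything else
            // (javascript:, data:, relative tricks) is not rendered.
            Uri uri;
            if (Uri.TryCreate(LinkUrl, UriKind.Absolute, out uri) &&
                (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps))
            {
                // Third argument asks the writer to attribute-encode the value.
                writer.AddAttribute(HtmlTextWriterAttribute.Href, uri.AbsoluteUri, true);
                writer.RenderBeginTag(HtmlTextWriterTag.A);
                writer.WriteEncodedText(uri.Host);
                writer.RenderEndTag();
            }
        }
    }
}
```

Setting SafeAgainstScript on the SafeControl entry is a declaration by the developer; SharePoint does not verify it, so the encoding review has to happen before the attribute is changed.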

On the positive side, SharePoint 2010 makes developers more aware of the security issues with Web Parts.

