Protecting Your SharePoint Environment from the Evil Developers Robert Bogue Thor Projects

Presentation transcript:

No developers were hurt during the creation of this presentation. The PETD (People for the Ethical Treatment of Developers) asks that you please not harm your developers – and don’t have them spayed or neutered.

Who am I?
● 7-time Microsoft MVP, currently awarded for SharePoint
● Architect = Developer + IT Professional
● Author of The SharePoint Shepherd’s Guide for End Users – and 17 other books.
● Blogger:

Agenda
● The Stories…
● Quotas – Defining Limits
● Sandbox – Gotta Keep ‘em Separated
● Queries – Containing Chaos

THE STORY Traditional IT Department development

You build a beautiful farm

A developer writes some code

Sometime later you start to notice problems

Then you get a call, at 3AM

You fly into the office

You try to diagnose the issue

But you can’t find it

You go home feeling like a donkey

THE STORY Enterprise with business groups that do development

Joe Business Group IT creates a solution…

It becomes essential for the business

One day it breaks

And now it’s your problem

SANDBOX Aka User Code Host

A walk down history lane…
Windows 3.11
● Cooperative Multitasking
● One bad apple spoils the bunch
Windows NT
● Preemptive Multitasking
● One bad apple stands alone

SharePoint 2007 Developer Code
● Problems in developer code can directly impact SharePoint, .NET, and IIS
● Should be used for highly trusted and tested code
[Diagram: IIS, .NET, SharePoint, Developer Code]

SharePoint 2010 Sandboxed Code
● Code runs in a separate process, and SharePoint communicates with it to get information
[Diagram: IIS, .NET, SharePoint, Sandbox Communication, User Code Host containing two Application Domains, each running Developer Code]

Understanding the User Code Host
● Applies Object Limits
● Monitoring
● Resource Tracking

Object Limits
CAS Policy
● SharePointPermission.ObjectModel
● SecurityPermission.Execution
● AspNetHostingPermission.Level = Minimal
SharePoint Objects
● Microsoft.SharePoint, except:
  ○ SPSite constructor
  ○ SPSecurity object
  ○ SPWorkItem and SPWorkItemCollection objects
  ○ SPAlertCollection.Add method
  ○ SPAlertTemplateCollection.Add method
  ○ SPUserSolution and SPUserSolutionCollection objects
  ○ SPTransformUtilities
● Microsoft.SharePoint.Navigation
● Microsoft.SharePoint.Utilities, except:
  ○ SPUtility.SendEmail method
  ○ SPUtility.GetNTFullNameandEmailFromLogin method
● Microsoft.SharePoint.Workflow
● Microsoft.SharePoint.WebPartPages, except:
  ○ SPWebPartManager object
  ○ SPWebPartConnection object
  ○ WebPartZone object
  ○ WebPartPage object
  ○ ToolPane object
  ○ ToolPart object

Monitoring
● Processes running too long are killed
● The solution gets points “against it” for allowing itself to run too long.

Resource Tracking
● CPU Execution Time
● Memory Consumption
● SQL Query Time
● Abnormal Termination
● Critical Exceptions
● Unhandled Exceptions

Local vs. Remote
Local
● Quick Execution (no remoting/marshalling)
● Sandboxed solutions can impact overall performance
Remote
● Some overhead from remoting
● Sandboxed solutions can only impact other sandboxed solutions.

Solution Validator
● Additional Restrictions on Upload
● Inspect (and Reject) Solution
● Inspect (and Reject) Assembly

Sandbox Proxy
● Allows access beyond Sandbox limits
● Requires full trust installation
● Two parts:
  ○ Proxy Operation
  ○ Proxy Arguments

Solution Gallery
● A library in each Site Collection
● Contains Sandboxed Solutions
● Shows the resource utilization

Why Not Always Sandbox?
● Performance Penalty
● Limitations …
● Consider:
  ○ RSS Reader
  ○ Public APIs
  ○ Read/Write from a custom database

QUOTAS

All Quotas
● Set at the site collection level
● Can be changed on the fly

Storage Quotas
● Number of MB assigned to each site collection
● Configurable warning size
● Applies to all data in the site collection

Resource Quotas
● Measured in “points”
● Set for all solutions in a site collection
● Configurable warning when a certain number of points are used
● Resets daily
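An added example, not part of the original presentation: a PowerShell check that reports storage and resource-point headroom for each site collection, covering both quota types above. It reads the `SPSite` and `SPQuota` properties named in the code; the function name, sample URLs and sample numbers are constructed for illustration.

```powershell
# Added example. Property names follow SPSite / SPQuota; sample values are constructed.
function Get-QuotaHeadroom {
    param([Parameter(ValueFromPipeline = $true)] $Site)
    process {
        $q = $Site.Quota
        $notes = @()
        if ($q.StorageMaximumLevel -eq 0) {
            $notes += 'no storage quota set'
        } elseif ($q.StorageWarningLevel -gt 0 -and $Site.Usage.Storage -ge $q.StorageWarningLevel) {
            $notes += 'storage at or above warning size'
        }
        if ($q.UserCodeWarningLevel -gt 0 -and $Site.CurrentResourceUsage -ge $q.UserCodeWarningLevel) {
            $notes += 'sandbox points at or above warning level'
        }
        New-Object PSObject -Property @{
            Url        = $Site.Url
            StorageMB  = [math]::Round($Site.Usage.Storage / 1MB, 1)
            MaxMB      = [math]::Round($q.StorageMaximumLevel / 1MB, 1)
            PointsUsed = $Site.CurrentResourceUsage   # today's points; the counter resets daily
            MaxPoints  = $q.UserCodeMaximumLevel
            Notes      = $notes -join '; '
        }
    }
}

# Hypothetical helper: builds a stand-in object shaped like SPSite for offline runs.
function New-SampleSite($Url, $UsedBytes, $MaxBytes, $WarnBytes, $Points) {
    New-Object PSObject -Property @{
        Url = $Url
        CurrentResourceUsage = $Points
        Usage = New-Object PSObject -Property @{ Storage = $UsedBytes }
        Quota = New-Object PSObject -Property @{
            StorageMaximumLevel = $MaxBytes; StorageWarningLevel = $WarnBytes
            UserCodeMaximumLevel = 300; UserCodeWarningLevel = 100
        }
    }
}

if (Get-Command Get-SPSite -ErrorAction SilentlyContinue) {
    # On a farm server with the SharePoint snap-in loaded: audit the real site collections.
    $gc = Start-SPAssignment
    Get-SPSite -Limit All -AssignmentCollection $gc | Get-QuotaHeadroom
    Stop-SPAssignment $gc
} else {
    # Constructed sample data.
    @( (New-SampleSite 'http://intranet/sites/hr'  900MB 1GB 800MB 20),
       (New-SampleSite 'http://intranet/sites/dev' 5GB   0   0     140) ) | Get-QuotaHeadroom
}
```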

QUERIES

Performance Impact
● Large Queries consume a lot of resources
● Limiting large queries contributes to overall performance improvements

Query Limits
● Non-administrators have a smaller limit (5000 item default)
● Administrators have a larger limit (20000 item default)
● Limits are set per web-application

Overrides and Exceptions
● Happy Hour
● Object Model Override
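An added example, not part of the original presentation: a PowerShell audit of the query limits and the two exceptions above (happy hour and object model override) for each web application. It reads the `SPWebApplication` throttling properties named in the code; the function name and the sample web applications are constructed for illustration.

```powershell
# Added example. Property names follow SPWebApplication; sample values are constructed.
function Test-QueryThrottle {
    param([Parameter(ValueFromPipeline = $true)] $WebApp)
    process {
        $findings = @()
        if ($WebApp.MaxItemsPerThrottledOperation -gt 5000) {
            $findings += 'non-administrator limit raised above the 5000 default'
        }
        if ($WebApp.MaxItemsPerThrottledOperationOverride -gt 20000) {
            $findings += 'administrator limit raised above the 20000 default'
        }
        if ($WebApp.AllowOMCodeOverrideThrottleSettings) {
            $findings += 'object model override allowed'
        }
        if ($WebApp.UnthrottledPrivilegedOperationWindowEnabled) {
            $findings += ('happy hour from {0:00}:{1:00} for {2} hour(s)' -f `
                $WebApp.DailyStartUnthrottledPrivilegedOperationsHour,
                $WebApp.DailyStartUnthrottledPrivilegedOperationsMinute,
                $WebApp.DailyUnthrottledPrivilegedOperationsDuration)
        }
        New-Object PSObject -Property @{
            WebApplication = $WebApp.Url
            UserLimit      = $WebApp.MaxItemsPerThrottledOperation
            AdminLimit     = $WebApp.MaxItemsPerThrottledOperationOverride
            Findings       = $findings -join '; '
        }
    }
}

if (Get-Command Get-SPWebApplication -ErrorAction SilentlyContinue) {
    # On a farm server with the SharePoint snap-in loaded: audit the real web applications.
    Get-SPWebApplication | Test-QueryThrottle
} else {
    # Constructed sample data shaped like SPWebApplication.
    $samples = @(
        @{ Url = 'http://intranet/'; MaxItemsPerThrottledOperation = 5000
           MaxItemsPerThrottledOperationOverride = 20000
           AllowOMCodeOverrideThrottleSettings = $false
           UnthrottledPrivilegedOperationWindowEnabled = $false },
        @{ Url = 'http://reports/'; MaxItemsPerThrottledOperation = 50000
           MaxItemsPerThrottledOperationOverride = 20000
           AllowOMCodeOverrideThrottleSettings = $true
           UnthrottledPrivilegedOperationWindowEnabled = $true
           DailyStartUnthrottledPrivilegedOperationsHour = 22
           DailyStartUnthrottledPrivilegedOperationsMinute = 0
           DailyUnthrottledPrivilegedOperationsDuration = 2 }
    )
    $samples | ForEach-Object { New-Object PSObject -Property $_ } | Test-QueryThrottle
}
```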
