Friday, May 15, 2009

Disadvantage(s) of RunWithElevatedPrivileges

With Great Power Comes Great Responsibility!

Which means more security work, and then finally, what are the chances of getting breached? Read on...

SPSecurity.RunWithElevatedPrivileges is a very powerful delegate method that hands you a magic wand with which you can 'almost' get to everything you want.

When you run code under RunWithElevatedPrivileges, the function allows access to secured SharePoint objects from the object model by changing the WSS user account context to SHAREPOINT\System. The current Windows user context changes to the application pool user configured in IIS. In typical SharePoint farm installations, the application pool user is an AD user with restricted permissions and limited access to external resources, although typically this user has more permissions than the local IUSR_MACHINENAME user.

And now 'YOU' become the 'System User' and have access to 'EVERYTHING': a security hole.

Apart from this, you have to write the code for this delegate yourself, my dear.

Use your better judgement.
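One way to keep the elevated scope small, shown as an added example that is not part of the original post. The class name, method name and the "AuditLog" list are hypothetical, and the code assumes it runs inside a SharePoint web request handling a POST.

```csharp
using System;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

// Hypothetical helper: class, method and list names are assumptions for illustration.
public static class ElevatedAuditWriter
{
    public static void WriteAuditEntry(string message)
    {
        // Capture plain values only. SPSite/SPWeb objects taken from SPContext keep
        // the caller's identity even when they are used inside the delegate.
        SPWeb callerWeb = SPContext.Current.Web;
        Guid siteId = SPContext.Current.Site.ID;
        Guid webId = callerWeb.ID;
        string callerLogin = callerWeb.CurrentUser.LoginName;

        // Authorize as the real user BEFORE elevating: code inside the delegate runs
        // as SHAREPOINT\System and the caller's permissions are no longer enforced.
        if (!callerWeb.DoesUserHavePermissions(SPBasePermissions.ViewListItems))
        {
            throw new UnauthorizedAccessException("Caller may not use this feature.");
        }

        // Validate the form digest of the POST before elevating (assumes a postback).
        SPUtility.ValidateFormDigest();

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            // Objects created here carry the elevated identity; dispose them promptly
            // and never return them to code running outside the delegate.
            using (SPSite site = new SPSite(siteId))
            using (SPWeb web = site.OpenWeb(webId))
            {
                // Touch one fixed list only, never a list, URL or query chosen by the user.
                SPList log = web.Lists["AuditLog"]; // assumed list name
                SPListItem item = log.Items.Add();
                // Record who triggered the write; the item itself is created as System.
                item["Title"] = callerLogin + ": " + message;
                item.Update();
            }
        });
    }
}
```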
