Our Pistachio product team has finished building a new installer for Pistachio, and it works great. It sets up the configuration database, the administrative portal in IIS, creates the initial administrative user account, and then generates the PowerShell scripts to make installing the Pistachio SharePoint web part a cinch.
Now, in SharePoint 2013, Pistachio is even easier to install, and we didn't do a thing. How did this happen?
In SharePoint 2010, farm solutions default to Minimal Trust, which essentially blocks off a lot of capabilities installed web parts might need to use, such as querying external databases. For SharePoint 2010, we have documentation for creating custom security files which allow Pistachio to function under Full Trust, while keeping the other parts of your SharePoint environment safely running at Minimal Trust. and we didn’t do a thing. How did this happen?
For SharePoint 2013, however, all farm solutions now run under Full Trust:
So for Pistachio running in SharePoint 2013, the need for custom security files has gone away, removing a somewhat complex setup step!
Essentially, Microsoft has decided that code running locally on SharePoint servers will essentially have complete access to the local environment, while apps built with the new App Model will essentially be completely isolated from SharePoint’s local environment (due to them running on separate servers).
I welcome Microsoft’s simplification of SharePoint code permissions. All too often, software has so many options for security that security holes develop due to sheer complexity. Microsoft is making things simple: local farm solutions have full access to SharePoint’s local resources and app solutions have no direct access to local resources.
What do you think? Is this a good move, or are valuable security options being lost? Comment below!
Follow the author Paul Katz, Chief Software Architect for LimeLeap, on Twitter: @napkatz